rhsa-2022_4919
Vulnerability from csaf_redhat
Published
2022-06-06 16:00
Modified
2024-12-01 12:43
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:4919", url: "https://access.redhat.com/errata/RHSA-2022:4919", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "JBEAP-23121", url: "https://issues.redhat.com/browse/JBEAP-23121", }, { category: "external", summary: "JBEAP-23171", url: "https://issues.redhat.com/browse/JBEAP-23171", }, { category: "external", summary: "JBEAP-23194", url: "https://issues.redhat.com/browse/JBEAP-23194", }, { category: "external", summary: "JBEAP-23241", url: "https://issues.redhat.com/browse/JBEAP-23241", }, { category: "external", summary: "JBEAP-23299", url: "https://issues.redhat.com/browse/JBEAP-23299", }, { category: "external", summary: "JBEAP-23300", url: "https://issues.redhat.com/browse/JBEAP-23300", }, { category: "external", summary: "JBEAP-23312", url: "https://issues.redhat.com/browse/JBEAP-23312", }, { category: "external", summary: "JBEAP-23313", url: "https://issues.redhat.com/browse/JBEAP-23313", }, { category: "external", summary: "JBEAP-23336", url: "https://issues.redhat.com/browse/JBEAP-23336", }, { category: "external", summary: "JBEAP-23338", url: "https://issues.redhat.com/browse/JBEAP-23338", }, { category: "external", summary: "JBEAP-23339", url: "https://issues.redhat.com/browse/JBEAP-23339", }, { category: "external", summary: "JBEAP-23351", url: "https://issues.redhat.com/browse/JBEAP-23351", }, { category: "external", summary: "JBEAP-23353", url: "https://issues.redhat.com/browse/JBEAP-23353", }, { category: "external", summary: "JBEAP-23429", url: "https://issues.redhat.com/browse/JBEAP-23429", }, { category: "external", summary: "JBEAP-23432", url: "https://issues.redhat.com/browse/JBEAP-23432", }, { category: "external", summary: "JBEAP-23451", url: "https://issues.redhat.com/browse/JBEAP-23451", }, { category: "external", summary: "JBEAP-23531", url: "https://issues.redhat.com/browse/JBEAP-23531", }, { category: "external", summary: "JBEAP-23532", url: "https://issues.redhat.com/browse/JBEAP-23532", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4919.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8", tracking: { current_release_date: "2024-12-01T12:43:34+00:00", generator: { date: "2024-12-01T12:43:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:4919", initial_release_date: "2022-06-06T16:00:48+00:00", revision_history: [ { date: "2022-06-06T16:00:48+00:00", number: "1", summary: "Initial version", }, { date: "2022-06-06T16:00:48+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-01T12:43:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 8", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", product_id: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", product: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", product_id: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", product: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", product_id: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", product: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", product_id: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", product: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", product_id: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", product: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", product_id: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", product_id: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", product: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", product_id: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", product_id: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", product: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", product_id: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-core@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-envers@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-java8@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", product: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", product_id: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", product: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", product_id: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", product: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", product_id: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-all@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-buffer@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-http@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-handler@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product_id: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product: { name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product_id: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", }, product_reference: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", }, product_reference: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", }, product_reference: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", }, product_reference: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", }, product_reference: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", }, product_reference: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", }, product_reference: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", }, product_reference: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", }, product_reference: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-37136", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004133", }, ], notes: [ { category: "description", text: "A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", title: "Vulnerability summary", }, { category: "other", text: "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37136", }, { category: "external", summary: "RHBZ#2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37136", url: "https://www.cve.org/CVERecord?id=CVE-2021-37136", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", }, { cve: "CVE-2021-37137", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004135", }, ], notes: [ { category: "description", text: "A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37137", }, { category: "external", summary: "RHBZ#2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37137", url: "https://www.cve.org/CVERecord?id=CVE-2021-37137", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { cve: "CVE-2022-21299", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041472", }, ], notes: [ { category: "description", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "Vulnerability description", }, { category: "summary", text: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21299", }, { category: "external", summary: "RHBZ#2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21299", url: "https://www.cve.org/CVERecord?id=CVE-2022-21299", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", }, { cve: "CVE-2022-21363", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047343", }, ], notes: [ { category: "description", text: "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", title: "Vulnerability description", }, { category: "summary", text: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21363", }, { category: "external", summary: "RHBZ#2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21363", url: "https://www.cve.org/CVERecord?id=CVE-2022-21363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", }, { category: "external", summary: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", url: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", }, { cve: "CVE-2022-23221", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044596", }, ], notes: [ { category: "description", text: "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", title: "Vulnerability description", }, { category: "summary", text: "h2: Loading of custom classes from remote servers through JNDI", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23221", }, { category: "external", summary: "RHBZ#2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23221", url: "https://www.cve.org/CVERecord?id=CVE-2022-23221", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", }, { category: "external", summary: "https://github.com/advisories/GHSA-45hx-wfhj-473x", url: "https://github.com/advisories/GHSA-45hx-wfhj-473x", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Loading of custom classes from remote servers through JNDI", }, { acknowledgments: [ { names: [ "Sergey Temnikov", "Ziyi Luo", ], organization: "Amazon Corretto", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047200", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "xerces-j2: infinite loop when handling specially crafted XML document payloads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "RHBZ#2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23437", url: "https://www.cve.org/CVERecord?id=CVE-2022-23437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", }, ], release_date: "2022-01-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xerces-j2: infinite loop when handling specially crafted XML document payloads", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.