var-201907-0806
Vulnerability from variot
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. FasterXML jackson-databind Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. The SubTypeValidator.java file in versions earlier than FasterXML jackson-databind 2.9.9.2 has an input validation error vulnerability. An attacker could exploit this vulnerability to execute code. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Data Grid 7.3.3 security update Advisory ID: RHSA-2020:0727-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2020:0727 Issue date: 2020-03-05 CVE Names: CVE-2018-14335 CVE-2019-3805 CVE-2019-3888 CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-9518 CVE-2019-10173 CVE-2019-10174 CVE-2019-10184 CVE-2019-10212 CVE-2019-14379 ==================================================================== 1. Summary:
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.
This release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat Data Grid 7.3.2 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.
Security Fix(es):
-
HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
-
HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
-
HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
-
HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
-
xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) (CVE-2019-10173)
-
infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)
-
jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)
-
h2: Information Exposure due to insecure handling of permissions in the backup (CVE-2018-14335)
-
wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)
-
undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)
-
undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212)
-
undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
To install this update, do the following:
- Download the Data Grid 7.3.3 server patch from the customer portal.
- Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.
- Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes for patching instructions.
-
Restart Data Grid to ensure the changes take effect.
-
Bugs fixed (https://bugzilla.redhat.com/):
1610877 - CVE-2018-14335 h2: Information Exposure due to insecure handling of permissions in the backup 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1722971 - CVE-2019-10173 xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) 1731984 - CVE-2019-10212 undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution
- References:
https://access.redhat.com/security/cve/CVE-2018-14335 https://access.redhat.com/security/cve/CVE-2019-3805 https://access.redhat.com/security/cve/CVE-2019-3888 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-9518 https://access.redhat.com/security/cve/CVE-2019-10173 https://access.redhat.com/security/cve/CVE-2019-10174 https://access.redhat.com/security/cve/CVE-2019-10184 https://access.redhat.com/security/cve/CVE-2019-10212 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product\xdata.grid&downloadType=patches&version=7.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXmD2b9zjgjWX9erEAQhDqA/9G7uM0HlTt4M6Z9Zc23FSbbr+jj1k/o69 a5WWa+xS3Ko4IvlN5rt+wOHSFet+NTMAerNHzAsB2+viX1hr14Hwf3QnIom/yxbJ PaC1djdaZfcvSIODhbq/C5Ilae09x3rW1voQ39i1Q2bsEqVePLZdC75KjvNLsfqe QJCMvcO3jkccxn7k45baCfTGsFyOhHb17Y9DRarWsC7jO9kEjMxrUPN6qKP6BC9t RMuqDxo1aJnatMeCWb7NA0UpOz0+lFpuR+ZZYPV444nGmfTKrbc9c5TuQUCSP+LD sG1+fh2xMztuGxNiJfgSP3iqHmgXD9TBxh1kxn1kt59llCO5+Uqu/O5OsqeQQ0Ym I+a2VAzn2N776sTbWIZ3231IJex68oG+4/fIo6/FVVJpmtDIDgumgErTPD0kkNuT yyyn3u50RZohzSxEz37QdiQDJbiJcJhmtFR5fLRAbFa8Ys2Gw81PGFba95/kVooX K5uSukzOBm8nhxfBvwZDCY/gWuJwVLSAOJb4VoPZiR2WbZsx+9r+spQv6K9wYr5v s//DY88rsUSaMH4kGco//6Dqis8IwOISr/ZR+Edlnrz1rHv9Z4XerMw56VUKIHva mS7rdNmbLqHN0XfZImxewLca2i7sWIlxWrgKF2f4zEO3ermivdis7RdssZkJ9Zv9 S7B2VoNOQj4=zoia -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. JIRA issues fixed (https://issues.jboss.org/):
KEYCLOAK-11455 - Tracker bug for the RH-SSO 7.3.4 release for RHEL7
-
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
-
Description:
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.
The References section of this erratum contains a download link (you must log in to download the update). JIRA issues fixed (https://issues.jboss.org/):
JBEAP-16455 - GSS Upgrade Infinispan from 9.3.6 to 9.3.7 JBEAP-16779 - GSS Upgrade Hibernate ORM from 5.3.10 to 5.3.11 JBEAP-17045 - GSS Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00001 to 2.3.5.SP3-redhat-00002 JBEAP-17062 - GSS Upgrade Artemis from 2.7.0.redhat-00057 to 2.9.0.redhat-00005 JBEAP-17073 - GSS Upgrade jboss-ejb-client from 4.0.20 to 4.0.23 JBEAP-17109 - (7.2.z) Upgrade XNIO from 3.6.6.Final-redhat-00001 to 3.7.3.Final-redhat-00001 JBEAP-17112 - GSS Upgrade JBoss Remoting from 5.0.12 to 5.0.14.SP1 JBEAP-17144 - Tracker bug for the EAP 7.2.4 release for RHEL-8 JBEAP-17162 - GSS Upgrade jgroups from 4.0.19 to 4.0.20 JBEAP-17178 - (7.2.z) Upgrade IronJacamar from 1.4.16.Final to 1.4.17.Final JBEAP-17182 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17183 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17223 - GSS Upgrade WildFly Core from 6.0.15 to 6.0.16 JBEAP-17238 - GSS Upgrade HAL from 3.0.13 to 3.0.16 JBEAP-17250 - GSS Upgrade JBoss MSC from 1.4.5 to 1.4.8 JBEAP-17271 - GSS Upgrade jboss-logmanager from 2.1.7.Final-redhat-00001 to 2.1.14.Final-redhat-00001 JBEAP-17273 - GSS Upgrade jboss-logging from 3.3.2.Final-redhat-00001 to 3.3.3.Final-redhat-00001 JBEAP-17274 - GSS Upgrade Wildfly Elytron from 1.6.3.Final-redhat-00001 to 1.6.4.Final-redhat-00001 JBEAP-17276 - GSS Upgrade wildfly-transaction-client from 1.1.4.Final-redhat-00001 to 1.1.6.Final-redhat-00001 JBEAP-17277 - GSS Upgrade Undertow from 2.0.22 to 2.0.25.SP1 JBEAP-17278 - GSS Upgrade JBoss Marshalling from 2.0.7 to 2.0.9 JBEAP-17294 - GSS Upgrade weld from 3.0.6.Final-redhat-00001 to 3.0.6.Final-redhat-00002 JBEAP-17311 - GSS Upgrade jboss-jaxrs-api_2.1_spec from 1.0.1.Final-redhat-00001 to 1.0.3.Final-redhat-00001 JBEAP-17320 - GSS Upgrade PicketBox from 5.0.3.Final-redhat-3 to 5.0.3.Final-redhat-00004 JBEAP-17321 - GSS Upgrade Narayana from 5.9.3.Final to 5.9.6.Final JBEAP-17334 - (7.2.z) Upgrade Elytron-Tool from 1.4.2 to 1.4.3.Final JBEAP-17527 - GSS Upgrade Hibernate ORM from 5.3.11 to 5.3.11.SP1
7
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0806", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jackson-databind", "scope": "lt", "trust": 1.8, "vendor": "fasterxml", "version": "2.9.9.2" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.2" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.0" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.5" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "retail customer management and segmentation foundation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.9.6" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.1" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "29" }, { "model": "siebel ui framework", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.10" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1" }, { "model": "openshift container platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4.1" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.0" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "snapcenter", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.4.1" }, { "model": "openshift container platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "3.11" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "single sign-on", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.3" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.3" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "30" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.3" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.5.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.11.4" }, { "model": "siebel engineering - installer \\\u0026 deployment", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.8" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "31" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.2" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.2" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.0" }, { "model": "goldengate stream analytics", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "db": "NVD", "id": "CVE-2019-14379" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.9.2", "versionStartIncluding": "2.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.9.6", "versionStartIncluding": "2.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.8.11.4", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.6.7.3", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.10", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "19.1.0.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.8", "versionStartIncluding": "8.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_engineering_-_installer_\\\u0026_deployment:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-14379" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "154845" }, { "db": "PACKETSTORM", "id": "155054" }, { "db": "PACKETSTORM", "id": "154686" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "156628" }, { "db": "PACKETSTORM", "id": "154844" }, { "db": "PACKETSTORM", "id": "154793" }, { "db": "PACKETSTORM", "id": "155051" }, { "db": "PACKETSTORM", "id": "154665" }, { "db": "CNNVD", "id": "CNNVD-201907-1434" } ], "trust": 1.5 }, "cve": "CVE-2019-14379", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-14379", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-146319", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-14379", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-14379", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-201907-1434", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-146319", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-14379", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-146319" }, { "db": "VULMON", "id": "CVE-2019-14379" }, { "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "db": "CNNVD", "id": "CNNVD-201907-1434" }, { "db": "NVD", "id": "CVE-2019-14379" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. FasterXML jackson-databind Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. The SubTypeValidator.java file in versions earlier than FasterXML jackson-databind 2.9.9.2 has an input validation error vulnerability. An attacker could exploit this vulnerability to execute code. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat Data Grid 7.3.3 security update\nAdvisory ID: RHSA-2020:0727-01\nProduct: Red Hat JBoss Data Grid\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:0727\nIssue date: 2020-03-05\nCVE Names: CVE-2018-14335 CVE-2019-3805 CVE-2019-3888\n CVE-2019-9512 CVE-2019-9514 CVE-2019-9515\n CVE-2019-9518 CVE-2019-10173 CVE-2019-10174\n CVE-2019-10184 CVE-2019-10212 CVE-2019-14379\n====================================================================\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat\nData Grid 7.3.2 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. \n\nSecurity Fix(es):\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: flood using empty frames results in excessive resource\nconsumption (CVE-2019-9518)\n\n* xstream: remote code execution due to insecure XML deserialization\n(regression of CVE-2013-7285) (CVE-2019-10173)\n\n* infinispan: invokeAccessibly method from ReflectionUtil class allows to\ninvoke private methods (CVE-2019-10174)\n\n* jackson-databind: default typing mishandling leading to remote code\nexecution (CVE-2019-14379)\n\n* h2: Information Exposure due to insecure handling of permissions in the\nbackup (CVE-2018-14335)\n\n* wildfly: Race condition on PID file allows for termination of arbitrary\nprocesses by local users (CVE-2019-3805)\n\n* undertow: leak credentials to log files\nUndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)\n\n* undertow: DEBUG log for io.undertow.request.security if enabled leaks\ncredentials to log files (CVE-2019-10212)\n\n* undertow: Information leak in requests for directories without trailing\nslashes (CVE-2019-10184)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.3 server patch from the customer portal. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. \n4. Restart Data Grid to ensure the changes take effect. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1610877 - CVE-2018-14335 h2: Information Exposure due to insecure handling of permissions in the backup\n1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users\n1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed\n1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods\n1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes\n1722971 - CVE-2019-10173 xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)\n1731984 - CVE-2019-10212 undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14335\nhttps://access.redhat.com/security/cve/CVE-2019-3805\nhttps://access.redhat.com/security/cve/CVE-2019-3888\nhttps://access.redhat.com/security/cve/CVE-2019-9512\nhttps://access.redhat.com/security/cve/CVE-2019-9514\nhttps://access.redhat.com/security/cve/CVE-2019-9515\nhttps://access.redhat.com/security/cve/CVE-2019-9518\nhttps://access.redhat.com/security/cve/CVE-2019-10173\nhttps://access.redhat.com/security/cve/CVE-2019-10174\nhttps://access.redhat.com/security/cve/CVE-2019-10184\nhttps://access.redhat.com/security/cve/CVE-2019-10212\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product\\xdata.grid\u0026downloadType=patches\u0026version=7.3\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXmD2b9zjgjWX9erEAQhDqA/9G7uM0HlTt4M6Z9Zc23FSbbr+jj1k/o69\na5WWa+xS3Ko4IvlN5rt+wOHSFet+NTMAerNHzAsB2+viX1hr14Hwf3QnIom/yxbJ\nPaC1djdaZfcvSIODhbq/C5Ilae09x3rW1voQ39i1Q2bsEqVePLZdC75KjvNLsfqe\nQJCMvcO3jkccxn7k45baCfTGsFyOhHb17Y9DRarWsC7jO9kEjMxrUPN6qKP6BC9t\nRMuqDxo1aJnatMeCWb7NA0UpOz0+lFpuR+ZZYPV444nGmfTKrbc9c5TuQUCSP+LD\nsG1+fh2xMztuGxNiJfgSP3iqHmgXD9TBxh1kxn1kt59llCO5+Uqu/O5OsqeQQ0Ym\nI+a2VAzn2N776sTbWIZ3231IJex68oG+4/fIo6/FVVJpmtDIDgumgErTPD0kkNuT\nyyyn3u50RZohzSxEz37QdiQDJbiJcJhmtFR5fLRAbFa8Ys2Gw81PGFba95/kVooX\nK5uSukzOBm8nhxfBvwZDCY/gWuJwVLSAOJb4VoPZiR2WbZsx+9r+spQv6K9wYr5v\ns//DY88rsUSaMH4kGco//6Dqis8IwOISr/ZR+Edlnrz1rHv9Z4XerMw56VUKIHva\nmS7rdNmbLqHN0XfZImxewLca2i7sWIlxWrgKF2f4zEO3ermivdis7RdssZkJ9Zv9\nS7B2VoNOQj4=zoia\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs\n1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes\n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. \n1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. JIRA issues fixed (https://issues.jboss.org/):\n\nKEYCLOAK-11455 - Tracker bug for the RH-SSO 7.3.4 release for RHEL7\n\n7. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-16455 - [GSS](7.2.z) Upgrade Infinispan from 9.3.6 to 9.3.7\nJBEAP-16779 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.10 to 5.3.11\nJBEAP-17045 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00001 to 2.3.5.SP3-redhat-00002\nJBEAP-17062 - [GSS](7.2.z) Upgrade Artemis from 2.7.0.redhat-00057 to 2.9.0.redhat-00005\nJBEAP-17073 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.20 to 4.0.23\nJBEAP-17109 - (7.2.z) Upgrade XNIO from 3.6.6.Final-redhat-00001 to 3.7.3.Final-redhat-00001\nJBEAP-17112 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.12 to 5.0.14.SP1\nJBEAP-17144 - Tracker bug for the EAP 7.2.4 release for RHEL-8\nJBEAP-17162 - [GSS](7.2.z) Upgrade jgroups from 4.0.19 to 4.0.20\nJBEAP-17178 - (7.2.z) Upgrade IronJacamar from 1.4.16.Final to 1.4.17.Final\nJBEAP-17182 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007\nJBEAP-17183 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007\nJBEAP-17223 - [GSS](7.2.z) Upgrade WildFly Core from 6.0.15 to 6.0.16\nJBEAP-17238 - [GSS](7.2.z) Upgrade HAL from 3.0.13 to 3.0.16\nJBEAP-17250 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.5 to 1.4.8\nJBEAP-17271 - [GSS](7.2.z) Upgrade jboss-logmanager from 2.1.7.Final-redhat-00001 to 2.1.14.Final-redhat-00001\nJBEAP-17273 - [GSS](7.2.z) Upgrade jboss-logging from 3.3.2.Final-redhat-00001 to 3.3.3.Final-redhat-00001\nJBEAP-17274 - [GSS](7.2.z) Upgrade Wildfly Elytron from 1.6.3.Final-redhat-00001 to 1.6.4.Final-redhat-00001\nJBEAP-17276 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.4.Final-redhat-00001 to 1.1.6.Final-redhat-00001\nJBEAP-17277 - [GSS](7.2.z) Upgrade Undertow from 2.0.22 to 2.0.25.SP1\nJBEAP-17278 - [GSS](7.2.z) Upgrade JBoss Marshalling from 2.0.7 to 2.0.9\nJBEAP-17294 - [GSS](7.2.z) Upgrade weld from 3.0.6.Final-redhat-00001 to 3.0.6.Final-redhat-00002\nJBEAP-17311 - [GSS](7.2.z) Upgrade jboss-jaxrs-api_2.1_spec from 1.0.1.Final-redhat-00001 to 1.0.3.Final-redhat-00001\nJBEAP-17320 - [GSS](7.2.z) Upgrade PicketBox from 5.0.3.Final-redhat-3 to 5.0.3.Final-redhat-00004\nJBEAP-17321 - [GSS](7.2.z) Upgrade Narayana from 5.9.3.Final to 5.9.6.Final\nJBEAP-17334 - (7.2.z) Upgrade Elytron-Tool from 1.4.2 to 1.4.3.Final\nJBEAP-17527 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11 to 5.3.11.SP1\n\n7", "sources": [ { "db": "NVD", "id": "CVE-2019-14379" }, { "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "db": "VULHUB", "id": "VHN-146319" }, { "db": "VULMON", "id": "CVE-2019-14379" }, { "db": "PACKETSTORM", "id": "154845" }, { "db": "PACKETSTORM", "id": "155054" }, { "db": "PACKETSTORM", "id": "154686" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "156628" }, { "db": "PACKETSTORM", "id": "154844" }, { "db": "PACKETSTORM", "id": "154793" }, { "db": "PACKETSTORM", "id": "155051" }, { "db": "PACKETSTORM", "id": "154665" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-14379", "trust": 3.5 }, { "db": "PACKETSTORM", "id": "162493", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-007329", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "166313", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "154469", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201907-1434", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "156628", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031501", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4754", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4370", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3481", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4323", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1076", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1440", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1573", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3074", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1437", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3836", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3643", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0381", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0832", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "155382", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "156941", "trust": 0.6 }, { "db": "NSFOCUS", "id": "45801", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-146319", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-14379", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154845", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155054", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154686", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154844", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154793", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155051", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154665", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-146319" }, { "db": "VULMON", "id": "CVE-2019-14379" }, { "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "db": "PACKETSTORM", "id": "154845" }, { "db": "PACKETSTORM", "id": "155054" }, { "db": "PACKETSTORM", "id": "154686" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "156628" }, { "db": "PACKETSTORM", "id": "154844" }, { "db": "PACKETSTORM", "id": "154793" }, { "db": "PACKETSTORM", "id": "155051" }, { "db": "PACKETSTORM", "id": "154665" }, { "db": "CNNVD", "id": "CNNVD-201907-1434" }, { "db": "NVD", "id": "CVE-2019-14379" } ] }, "id": "VAR-201907-0806", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-146319" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:27:57.849000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Comparing changes", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" }, { "title": "Block one more gadget type (ehcache, CVE-2019-14379) #2387", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2387" }, { "title": "FasterXML jackson-databind Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=95557" }, { "title": "Red Hat: Important: rh-maven35-jackson-databind security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192743 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.5.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193297 - security advisory" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.5.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193292 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: jackson-databind: CVE-2019-14361 CVE-2019-14379", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a0e42c604708bdf7d86284f91b76327e" }, { "title": "Red Hat: Important: Red Hat OpenShift Application Runtimes Vert.x 3.8.3 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193901 - security advisory" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 8", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193046 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192938 - security advisory" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193050 - security advisory" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 7", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193045 - security advisory" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 6", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193044 - security advisory" }, { "title": "Red Hat: Important: Red Hat OpenShift Application Runtimes Thorntail 2.5.0 security \u0026 bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192998 - security advisory" }, { "title": "Red Hat: CVE-2019-14379", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2019-14379" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 8 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192937 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192936 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 6 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192935 - security advisory" }, { "title": "IBM: IBM Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8e202227ddeed5e361f0c0e3dbbf0fe3" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.3 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200727 - security advisory" }, { "title": "IBM: IBM Security Bulletin: Vulnerabilities in FasterXML Jackson libraries affect IBM C\u00faram Social Program Management (CVE-2019-14439, CVE-2019-14379, CVE-2019-12814, CVE-2019-12086)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7577d61736064271602a887577c2f766" }, { "title": "Red Hat: Important: Red Hat Fuse 7.6.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200983 - security advisory" }, { "title": "Red Hat: Important: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192858 - security advisory" }, { "title": "Red Hat: Important: OpenShift Container Platform logging-elasticsearch5-container security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193149 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-109" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u2013 Log Analysis", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a" }, { "title": "IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2ec7385c474071281be069b54d841de6" }, { "title": "commons", "trust": 0.1, "url": "https://github.com/heike2718/commons " }, { "title": "Jackson-deserialization-PoC", "trust": 0.1, "url": "https://github.com/galimba/jackson-deserialization-poc " }, { "title": "cybsec", "trust": 0.1, "url": "https://github.com/ilmari666/cybsec " } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-14379" }, { "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "db": "CNNVD", "id": "CNNVD-201907-1434" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-1321", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.9 }, { "problemtype": "CWE-915", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-146319" }, { "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "db": "NVD", "id": "CVE-2019-14379" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:2743" }, { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:3045" }, { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:3046" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 2.4, "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:2858" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:3044" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:3050" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:3901" }, { "trust": 2.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:2936" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:2937" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:2998" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:3292" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:3297" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2020:0727" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht213189" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20190814-0001/" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2022/mar/23" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2387" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhba-2019:2824" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2935" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2938" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:3149" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:3200" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3ccommits.tinkerpop.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3cissues.iceberg.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3ccommits.pulsar.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3cissues.iceberg.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3cissues.iceberg.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3cissues.iceberg.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3cissues.iceberg.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3cissues.iceberg.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3cdev.struts.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3cissues.iceberg.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3cissues.iceberg.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3ccommits.ambari.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3ccommits.ambari.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ukuale2tuckekohe2d342pqxn4mwcslc/" }, { "trust": 0.9, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.9, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ukuale2tuckekohe2d342pqxn4mwcslc/" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3ccommits.ambari.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3ccommits.ambari.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3cissues.iceberg.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3cissues.iceberg.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3cissues.iceberg.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3cissues.iceberg.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3cissues.iceberg.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3cissues.iceberg.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3cissues.iceberg.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3cissues.iceberg.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3ccommits.pulsar.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3cdev.struts.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3ccommits.tinkerpop.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3cdev.tomee.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3cdev.tomee.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3cdev.tomee.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3cdev.tomee.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3cdev.tomee.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3cdev.tomee.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3cdev.tomee.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3cdev.tomee.apache.org%3e" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14379" }, { "trust": 0.8, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2019-10184" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12814" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10184" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2019-12814" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1118283" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1086039" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1285282" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1072724" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3074/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/155382/red-hat-security-advisory-2019-3901-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-android-mobile-sdk-compile-builder-includes-vulnerable-components/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4754/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4588/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166313/apple-security-advisory-2022-03-14-7.html" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-2/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042826" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht213189" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/154469/red-hat-security-advisory-2019-2743-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1573" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3643/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/jackson-databind-code-execution-via-subtypevalidator-30021" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1106763" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-2/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021050708" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3481/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/45801" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0832/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1437" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4323/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3836/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ibm-network-performance-insight-cve-2019-14379-cve-2019-17531-cve-2019-14439-and-cve-2019-14540/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4370/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0381/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031501" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1076/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1440/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2019-16943-cve-2019-16942-cve-2019-17531-cve-2019-17267-cve-2019-14540-cve-2019-163/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html" }, { "trust": 0.5, "url": "https://issues.jboss.org/):" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-12384" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10212" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-10212" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14832" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14820" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10202" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10202" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-3888" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/1321.html" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=60520" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/galimba/jackson-deserialization-poc" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.5/html/release_notes_for_red_hat_process_automation_manager_7.5/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.5.0" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20190" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35491" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35490" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35728" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36180" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u" }, { "trust": 0.1, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36188" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36179" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36182" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36186" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36187" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36189" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14335" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10173" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=patches\u0026version=7.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10173" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3805" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14335" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3868" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.thorntail\u0026version=2.5.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3868" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/release_notes_for_thorntail_2/" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.5/html/release_notes_for_red_hat_decision_manager_7.5/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.5.0" } ], "sources": [ { "db": "VULHUB", "id": "VHN-146319" }, { "db": "VULMON", "id": "CVE-2019-14379" }, { "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "db": "PACKETSTORM", "id": "154845" }, { "db": "PACKETSTORM", "id": "155054" }, { "db": "PACKETSTORM", "id": "154686" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "156628" }, { "db": "PACKETSTORM", "id": "154844" }, { "db": "PACKETSTORM", "id": "154793" }, { "db": "PACKETSTORM", "id": "155051" }, { "db": "PACKETSTORM", "id": "154665" }, { "db": "CNNVD", "id": "CNNVD-201907-1434" }, { "db": "NVD", "id": "CVE-2019-14379" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-146319" }, { "db": "VULMON", "id": "CVE-2019-14379" }, { "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "db": "PACKETSTORM", "id": "154845" }, { "db": "PACKETSTORM", "id": "155054" }, { "db": "PACKETSTORM", "id": "154686" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "156628" }, { "db": "PACKETSTORM", "id": "154844" }, { "db": "PACKETSTORM", "id": "154793" }, { "db": "PACKETSTORM", "id": "155051" }, { "db": "PACKETSTORM", "id": "154665" }, { "db": "CNNVD", "id": "CNNVD-201907-1434" }, { "db": "NVD", "id": "CVE-2019-14379" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-07-29T00:00:00", "db": "VULHUB", "id": "VHN-146319" }, { "date": "2019-07-29T00:00:00", "db": "VULMON", "id": "CVE-2019-14379" }, { "date": "2019-08-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "date": "2019-10-14T23:03:33", "db": "PACKETSTORM", "id": "154845" }, { "date": "2019-11-01T17:01:40", "db": "PACKETSTORM", "id": "155054" }, { "date": "2019-09-30T16:22:22", "db": "PACKETSTORM", "id": "154686" }, { "date": "2021-05-06T15:03:00", "db": "PACKETSTORM", "id": "162493" }, { "date": "2020-03-05T14:41:17", "db": "PACKETSTORM", "id": "156628" }, { "date": "2019-10-14T20:33:33", "db": "PACKETSTORM", "id": "154844" }, { "date": "2019-10-10T14:44:58", "db": "PACKETSTORM", "id": "154793" }, { "date": "2019-11-01T17:00:00", "db": "PACKETSTORM", "id": "155051" }, { "date": "2019-09-30T19:22:22", "db": "PACKETSTORM", "id": "154665" }, { "date": "2019-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201907-1434" }, { "date": "2019-07-29T12:15:16.633000", "db": "NVD", "id": "CVE-2019-14379" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-02T00:00:00", "db": "VULHUB", "id": "VHN-146319" }, { "date": "2022-12-02T00:00:00", "db": "VULMON", "id": "CVE-2019-14379" }, { "date": "2019-08-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "date": "2022-12-05T00:00:00", "db": "CNNVD", "id": "CNNVD-201907-1434" }, { "date": "2023-11-07T03:04:54.240000", "db": "NVD", "id": "CVE-2019-14379" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201907-1434" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-007329" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "154845" }, { "db": "PACKETSTORM", "id": "155054" }, { "db": "PACKETSTORM", "id": "154686" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "156628" }, { "db": "PACKETSTORM", "id": "154844" }, { "db": "PACKETSTORM", "id": "154793" }, { "db": "PACKETSTORM", "id": "155051" }, { "db": "PACKETSTORM", "id": "154665" } ], "trust": 0.9 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.