var-202003-1782
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). FasterXML jackson-databind Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. An attacker could exploit this vulnerability to execute arbitrary code with a specially crafted request. Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update Advisory ID: RHSA-2020:2511-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:2511 Issue date: 2020-06-10 CVE Names: CVE-2018-14371 CVE-2019-0205 CVE-2019-0210 CVE-2019-10172 CVE-2019-12423 CVE-2019-14887 CVE-2019-17573 CVE-2020-1695 CVE-2020-1729 CVE-2020-1745 CVE-2020-1757 CVE-2020-6950 CVE-2020-7226 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10688 CVE-2020-10719 ==================================================================== 1. Summary:
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
cxf: reflected XSS in the services listing page (CVE-2019-17573)
-
cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)
-
jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
-
undertow: servletPath in normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)
-
jackson-databind: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
-
jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
-
resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
-
cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)
-
smallrye-config: SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)
-
resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)
-
jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
-
undertow: invalid HTTP request with large chunk size (CVE-2020-10719)
-
jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
-
jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
-
jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
-
undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
-
libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205)
-
libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)
-
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)
-
jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
-
jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
- Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final JBEAP-18060 - GSS Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001 JBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001 JBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012 JBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core JBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core JBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final JBEAP-18277 - GSS Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001 JBEAP-18288 - GSS Upgrade FasterXML from 2.10.0 to 2.10.3 JBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10 JBEAP-18302 - GSS Upgrade wildfly-http-client from 1.0.18 to 1.0.20 JBEAP-18315 - GSS Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010 JBEAP-18346 - GSS Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002 JBEAP-18352 - GSS Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001 JBEAP-18361 - GSS Upgrade Woodstox from 5.0.3 to 6.0.3 JBEAP-18367 - GSS Upgrade Hibernate ORM from 5.3.15 to 5.3.16 JBEAP-18393 - GSS Update $JBOSS_HOME/docs/schema to show https schema URL instead of http JBEAP-18397 - Tracker bug for the EAP 7.3.1 release for RHEL-6 JBEAP-18409 - GSS Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001 JBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final JBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001 JBEAP-18596 - GSS Upgrade JBoss Modules from 1.9.1 to 1.10.0 JBEAP-18598 - GSS Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002 JBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001 JBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001 JBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final JBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001 JBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001 JBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001 JBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001 JBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006 JBEAP-18836 - GSS Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2 JBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002 JBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0 JBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2 JBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3 JBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3 JBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4 JBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final JBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001 JBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002 JBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1 JBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004 JBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001 JBEAP-19117 - GSS Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001 JBEAP-19133 - GSS Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001 JBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001 JBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001 JBEAP-19192 - (7.3.z) Update the Japanese translations JBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001 JBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001 JBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final
- Package List:
Red Hat JBoss EAP 7.3 for RHEL 6 Server:
Source: eap7-activemq-artemis-2.9.0-4.redhat_00010.1.el6eap.src.rpm eap7-apache-cxf-3.3.5-1.redhat_00001.1.el6eap.src.rpm eap7-bouncycastle-1.60.0-2.redhat_00002.1.el6eap.src.rpm eap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el6eap.src.rpm eap7-cryptacular-1.2.4-1.redhat_00001.1.el6eap.src.rpm eap7-elytron-web-1.6.1-1.Final_redhat_00001.1.el6eap.src.rpm eap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el6eap.src.rpm eap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el6eap.src.rpm eap7-hal-console-3.2.8-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-5.3.16-1.Final_redhat_00001.1.el6eap.src.rpm eap7-infinispan-9.4.18-1.Final_redhat_00001.1.el6eap.src.rpm eap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jackson-annotations-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-core-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-databind-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-jaxrs-providers-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el6eap.src.rpm eap7-jakarta-el-3.0.3-1.redhat_00002.1.el6eap.src.rpm eap7-jandex-2.1.2-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jasypt-1.9.3-1.redhat_00001.1.el6eap.src.rpm eap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el6eap.src.rpm eap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el6eap.src.rpm eap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-weld-3.1-api-3.1.0-6.SP2_redhat_00001.1.el6eap.src.rpm eap7-microprofile-config-1.4.0-1.redhat_00003.1.el6eap.src.rpm eap7-microprofile-health-2.2.0-1.redhat_00001.1.el6eap.src.rpm eap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el6eap.src.rpm eap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el6eap.src.rpm eap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el6eap.src.rpm eap7-opensaml-3.3.1-1.redhat_00002.1.el6eap.src.rpm eap7-picketbox-5.0.3-7.Final_redhat_00006.1.el6eap.src.rpm eap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el6eap.src.rpm eap7-resteasy-3.11.2-3.Final_redhat_00002.1.el6eap.src.rpm eap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el6eap.src.rpm eap7-smallrye-config-1.6.2-3.redhat_00004.1.el6eap.src.rpm eap7-smallrye-health-2.2.0-1.redhat_00004.1.el6eap.src.rpm eap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el6eap.src.rpm eap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el6eap.src.rpm eap7-snakeyaml-1.24.0-2.redhat_00001.1.el6eap.src.rpm eap7-stax2-api-4.2.0-1.redhat_00001.1.el6eap.src.rpm eap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el6eap.src.rpm eap7-undertow-2.0.30-3.SP3_redhat_00001.1.el6eap.src.rpm eap7-weld-core-3.1.4-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-7.3.1-5.GA_redhat_00003.1.el6eap.src.rpm eap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-http-client-1.0.20-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el6eap.src.rpm eap7-woodstox-core-6.0.3-1.redhat_00001.1.el6eap.src.rpm eap7-wss4j-2.2.5-1.redhat_00001.1.el6eap.src.rpm
noarch: eap7-activemq-artemis-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-cli-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-commons-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-core-client-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-dto-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-jms-client-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-jms-server-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-journal-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-ra-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-selector-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-server-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-tools-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-apache-cxf-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-apache-cxf-rt-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-apache-cxf-services-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-apache-cxf-tools-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-bouncycastle-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm eap7-bouncycastle-mail-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm eap7-bouncycastle-pkix-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm eap7-bouncycastle-prov-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm eap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm eap7-codehaus-jackson-core-asl-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm eap7-codehaus-jackson-jaxrs-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm eap7-codehaus-jackson-mapper-asl-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm eap7-codehaus-jackson-xc-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm eap7-codemodel-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-cryptacular-1.2.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el6eap.noarch.rpm eap7-hal-console-3.2.8-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-core-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-entitymanager-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-envers-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-java8-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-client-hotrod-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-commons-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-core-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-api-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-api-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-validator-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-istack-commons-runtime-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm eap7-istack-commons-tools-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-annotations-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-core-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-databind-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jaegertracing-jaeger-client-java-core-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jaegertracing-jaeger-client-java-thrift-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jakarta-el-3.0.3-1.redhat_00002.1.el6eap.noarch.rpm eap7-jandex-2.1.2-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jasypt-1.9.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jaxb-jxc-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-jaxb-runtime-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-jaxb-xjc-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-core-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-weld-3.1-api-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-weld-3.1-api-weld-api-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-weld-3.1-api-weld-spi-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm eap7-microprofile-config-1.4.0-1.redhat_00003.1.el6eap.noarch.rpm eap7-microprofile-config-api-1.4.0-1.redhat_00003.1.el6eap.noarch.rpm eap7-microprofile-health-2.2.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-microprofile-metrics-api-2.3.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-microprofile-opentracing-api-1.3.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el6eap.noarch.rpm eap7-microprofile-rest-client-api-1.4.0-1.redhat_00004.1.el6eap.noarch.rpm eap7-opensaml-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-core-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-profile-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-saml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-saml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-security-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-security-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-soap-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-xacml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-xacml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-xacml-saml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-xacml-saml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-xmlsec-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-xmlsec-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-picketbox-5.0.3-7.Final_redhat_00006.1.el6eap.noarch.rpm eap7-picketbox-infinispan-5.0.3-7.Final_redhat_00006.1.el6eap.noarch.rpm eap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el6eap.noarch.rpm eap7-picketlink-wildfly8-2.5.5-23.SP12_redhat_00012.1.el6eap.noarch.rpm eap7-relaxng-datatype-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-atom-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-cdi-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-client-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-client-microprofile-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-crypto-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jackson-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jackson2-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jaxb-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jaxrs-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jettison-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jose-jwt-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jsapi-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-json-binding-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-json-p-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-multipart-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-rxjava2-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-spring-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-validator-provider-11-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-yaml-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-rngom-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el6eap.noarch.rpm eap7-smallrye-config-1.6.2-3.redhat_00004.1.el6eap.noarch.rpm eap7-smallrye-health-2.2.0-1.redhat_00004.1.el6eap.noarch.rpm eap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el6eap.noarch.rpm eap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el6eap.noarch.rpm eap7-snakeyaml-1.24.0-2.redhat_00001.1.el6eap.noarch.rpm eap7-stax2-api-4.2.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm eap7-txw2-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-2.0.30-3.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-server-1.6.1-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-core-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-core-impl-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-core-jsf-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-ejb-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-jta-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-probe-core-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-web-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm eap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-client-common-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-javadocs-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm eap7-wildfly-modules-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm eap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-woodstox-core-6.0.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-bindings-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-policy-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-ws-security-common-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-ws-security-dom-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-ws-security-policy-stax-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-ws-security-stax-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-xsom-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-14371 https://access.redhat.com/security/cve/CVE-2019-0205 https://access.redhat.com/security/cve/CVE-2019-0210 https://access.redhat.com/security/cve/CVE-2019-10172 https://access.redhat.com/security/cve/CVE-2019-12423 https://access.redhat.com/security/cve/CVE-2019-14887 https://access.redhat.com/security/cve/CVE-2019-17573 https://access.redhat.com/security/cve/CVE-2020-1695 https://access.redhat.com/security/cve/CVE-2020-1729 https://access.redhat.com/security/cve/CVE-2020-1745 https://access.redhat.com/security/cve/CVE-2020-1757 https://access.redhat.com/security/cve/CVE-2020-6950 https://access.redhat.com/security/cve/CVE-2020-7226 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10688 https://access.redhat.com/security/cve/CVE-2020-10719 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXuEwDdzjgjWX9erEAQj5vA//da7dJ0mPXDfnjDddloLp4GhZFSzpMf+8 XOA1pa8mFiDSXeJd4LoO3jDTPQnOsvnLX/4WoMFK227o+mKMWo74ArjeEg9EosT3 YaqI77IMexUuVjBHnvKygiB8ZYCXLS3PXiC/Ods5I5Xt07uxvsu9bl328RSX2TQR fhD/EAbc8vopMD10off7iXSgNh320EW/2GJKhJDoXhdvkZyifc5gu9/SaDq1JH1Q ol8FyVhdJCiDu1cqw/LBMT1J8BSJuJI+y9b7eqyQ4oZOIhpJ5BsMgcJmmLMjgnBA X1b1CtCJy9KbhNgLIqC+og37Bce2MDfAames/HC6wyZyryeChzhVYxhOw25YUk+W hBTOfQN273TIEp/Nom/SNYKrG2D9a3ki+7AeGOHRDQbfhBXeogYHftIT+h7sErAe EfkGoAE+pGeQiNXLDkSx6eZodxednpK4S8LoysUpkCAyl1Zfd2TjbVGyZNIcOEtO kCNtJ0giM7ZccXLnA+aC/X6M0c27pd8sl2eIgkBaLymEoEYW+BgdxSE5HD5hhC/p P6WT3nq8R5k0xmRXGXOEK2ireHIjQAfhADmv50YJv4wkbfbXADl1AImiLprgnrGI y2sYyVzXGC4APQZJCgUG61wZkRp8QDtnjAdfJujSzuxg3KpE/x1MQJqlnibKflUN uvhlMQF+ipU=W6+1 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
The References section of this erratum contains a download link (you must log in to download the update).
The JBoss server process must be restarted for the update to take effect
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1782", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.5" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.11.6" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.9.7" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.3" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.0" }, { "model": "jackson-databind", "scope": "eq", "trust": 0.8, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "ops center analyzer viewpoint", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(\u6d77\u5916\u8ca9\u58f2\u306e\u307f)" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.8.11.6", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.9.7", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-9548" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158048" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "158037" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "158038" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-040" } ], "trust": 1.4 }, "cve": "CVE-2020-9548", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-002437", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-187673", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-9548", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-002437", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-9548", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-002437", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202003-040", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-187673", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-9548", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-187673" }, { "db": "VULMON", "id": "CVE-2020-9548" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "CNNVD", "id": "CNNVD-202003-040" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). FasterXML jackson-databind Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. An attacker could exploit this vulnerability to execute arbitrary code with a specially crafted request. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update\nAdvisory ID: RHSA-2020:2511-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:2511\nIssue date: 2020-06-10\nCVE Names: CVE-2018-14371 CVE-2019-0205 CVE-2019-0210\n CVE-2019-10172 CVE-2019-12423 CVE-2019-14887\n CVE-2019-17573 CVE-2020-1695 CVE-2020-1729\n CVE-2020-1745 CVE-2020-1757 CVE-2020-6950\n CVE-2020-7226 CVE-2020-8840 CVE-2020-9546\n CVE-2020-9547 CVE-2020-9548 CVE-2020-10688\n CVE-2020-10719\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.3 for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.3 for RHEL 6 Server - noarch\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.1 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* cxf: reflected XSS in the services listing page (CVE-2019-17573)\n\n* cxf-core: cxf: OpenId Connect token service does not properly validate\nthe clientId (CVE-2019-12423)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* undertow: servletPath in normalized incorrectly leading to dangerous\napplication mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-databind: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in\nMediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* cryptacular: excessive memory allocation during a decode operation\n(CVE-2020-7226)\n\n* smallrye-config: SmallRye: SecuritySupport class is incorrectly public\nand contains a static method to access the current threads context class\nloader (CVE-2020-1729)\n\n* resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected\nXSS attack (CVE-2020-10688)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n(CVE-2020-8840)\n\n* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config\n(CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* libthrift: thrift: Endless loop when feed with specific input data\n(CVE-2019-0205)\n\n* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con\nparameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* jsf-impl: mojarra: Path traversal in\nResourceManager.java:getLocalePrefix() via the loc parameter\n(CVE-2018-14371)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol\n1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId\n1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page\n1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation\n1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader\n1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final\nJBEAP-18060 - [GSS](7.3.z) Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001\nJBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001\nJBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012\nJBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core\nJBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core\nJBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final\nJBEAP-18277 - [GSS](7.3.z) Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001\nJBEAP-18288 - [GSS](7.3.z) Upgrade FasterXML from 2.10.0 to 2.10.3\nJBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10\nJBEAP-18302 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.18 to 1.0.20\nJBEAP-18315 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010\nJBEAP-18346 - [GSS](7.3.z) Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002\nJBEAP-18352 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001\nJBEAP-18361 - [GSS](7.3.z) Upgrade Woodstox from 5.0.3 to 6.0.3\nJBEAP-18367 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16\nJBEAP-18393 - [GSS](7.3.z) Update $JBOSS_HOME/docs/schema to show https schema URL instead of http\nJBEAP-18397 - Tracker bug for the EAP 7.3.1 release for RHEL-6\nJBEAP-18409 - [GSS](7.3.z) Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001\nJBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final\nJBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001\nJBEAP-18596 - [GSS](7.3.z) Upgrade JBoss Modules from 1.9.1 to 1.10.0\nJBEAP-18598 - [GSS](7.3.z) Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002\nJBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001\nJBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001\nJBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final\nJBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001\nJBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001\nJBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001\nJBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001\nJBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006\nJBEAP-18836 - [GSS](7.3.z) Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2\nJBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002\nJBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0\nJBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2\nJBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3\nJBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3\nJBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4\nJBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final\nJBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001\nJBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002\nJBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1\nJBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004\nJBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001\nJBEAP-19117 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001\nJBEAP-19133 - [GSS](7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001\nJBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001\nJBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001\nJBEAP-19192 - (7.3.z) Update the Japanese translations\nJBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001\nJBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001\nJBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final\n\n7. Package List:\n\nRed Hat JBoss EAP 7.3 for RHEL 6 Server:\n\nSource:\neap7-activemq-artemis-2.9.0-4.redhat_00010.1.el6eap.src.rpm\neap7-apache-cxf-3.3.5-1.redhat_00001.1.el6eap.src.rpm\neap7-bouncycastle-1.60.0-2.redhat_00002.1.el6eap.src.rpm\neap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el6eap.src.rpm\neap7-cryptacular-1.2.4-1.redhat_00001.1.el6eap.src.rpm\neap7-elytron-web-1.6.1-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el6eap.src.rpm\neap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el6eap.src.rpm\neap7-hal-console-3.2.8-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-hibernate-5.3.16-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-infinispan-9.4.18-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jackson-annotations-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-core-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-databind-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-jaxrs-providers-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jakarta-el-3.0.3-1.redhat_00002.1.el6eap.src.rpm\neap7-jandex-2.1.2-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jasypt-1.9.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el6eap.src.rpm\neap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el6eap.src.rpm\neap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-weld-3.1-api-3.1.0-6.SP2_redhat_00001.1.el6eap.src.rpm\neap7-microprofile-config-1.4.0-1.redhat_00003.1.el6eap.src.rpm\neap7-microprofile-health-2.2.0-1.redhat_00001.1.el6eap.src.rpm\neap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el6eap.src.rpm\neap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el6eap.src.rpm\neap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el6eap.src.rpm\neap7-opensaml-3.3.1-1.redhat_00002.1.el6eap.src.rpm\neap7-picketbox-5.0.3-7.Final_redhat_00006.1.el6eap.src.rpm\neap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el6eap.src.rpm\neap7-resteasy-3.11.2-3.Final_redhat_00002.1.el6eap.src.rpm\neap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el6eap.src.rpm\neap7-smallrye-config-1.6.2-3.redhat_00004.1.el6eap.src.rpm\neap7-smallrye-health-2.2.0-1.redhat_00004.1.el6eap.src.rpm\neap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el6eap.src.rpm\neap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el6eap.src.rpm\neap7-snakeyaml-1.24.0-2.redhat_00001.1.el6eap.src.rpm\neap7-stax2-api-4.2.0-1.redhat_00001.1.el6eap.src.rpm\neap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el6eap.src.rpm\neap7-undertow-2.0.30-3.SP3_redhat_00001.1.el6eap.src.rpm\neap7-weld-core-3.1.4-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-7.3.1-5.GA_redhat_00003.1.el6eap.src.rpm\neap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-http-client-1.0.20-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-woodstox-core-6.0.3-1.redhat_00001.1.el6eap.src.rpm\neap7-wss4j-2.2.5-1.redhat_00001.1.el6eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-cli-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-commons-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-core-client-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-dto-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-journal-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-ra-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-selector-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-server-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-tools-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-apache-cxf-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-apache-cxf-rt-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-apache-cxf-services-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-apache-cxf-tools-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-bouncycastle-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm\neap7-bouncycastle-mail-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm\neap7-bouncycastle-pkix-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm\neap7-bouncycastle-prov-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm\neap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm\neap7-codehaus-jackson-core-asl-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm\neap7-codehaus-jackson-jaxrs-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm\neap7-codehaus-jackson-mapper-asl-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm\neap7-codehaus-jackson-xc-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm\neap7-codemodel-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-cryptacular-1.2.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el6eap.noarch.rpm\neap7-hal-console-3.2.8-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-core-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-envers-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-java8-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-cachestore-remote-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-client-hotrod-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-commons-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-core-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-api-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-impl-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-spi-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-core-api-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-core-impl-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-deployers-common-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-jdbc-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-validator-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-istack-commons-runtime-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm\neap7-istack-commons-tools-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-annotations-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-core-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-databind-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-datatype-jdk8-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-datatype-jsr310-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-jaxrs-base-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-jaxrs-json-provider-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-module-jaxb-annotations-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jaegertracing-jaeger-client-java-core-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jaegertracing-jaeger-client-java-thrift-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jakarta-el-3.0.3-1.redhat_00002.1.el6eap.noarch.rpm\neap7-jandex-2.1.2-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jasypt-1.9.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jaxb-jxc-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-jaxb-runtime-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-jaxb-xjc-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-cli-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-core-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.3-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly14.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly15.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly16.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly17.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly18.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-weld-3.1-api-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-weld-3.1-api-weld-api-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-weld-3.1-api-weld-spi-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-config-1.4.0-1.redhat_00003.1.el6eap.noarch.rpm\neap7-microprofile-config-api-1.4.0-1.redhat_00003.1.el6eap.noarch.rpm\neap7-microprofile-health-2.2.0-1.redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-metrics-api-2.3.0-1.redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-opentracing-api-1.3.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el6eap.noarch.rpm\neap7-microprofile-rest-client-api-1.4.0-1.redhat_00004.1.el6eap.noarch.rpm\neap7-opensaml-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-core-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-profile-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-saml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-saml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-security-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-security-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-soap-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xacml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xacml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xacml-saml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xacml-saml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xmlsec-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xmlsec-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-picketbox-5.0.3-7.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-picketbox-infinispan-5.0.3-7.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el6eap.noarch.rpm\neap7-picketlink-wildfly8-2.5.5-23.SP12_redhat_00012.1.el6eap.noarch.rpm\neap7-relaxng-datatype-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-resteasy-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-atom-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-cdi-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-client-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-client-microprofile-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-crypto-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jackson-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jackson2-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jaxb-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jaxrs-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jettison-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jose-jwt-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jsapi-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-json-binding-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-json-p-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-multipart-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-rxjava2-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-spring-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-validator-provider-11-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-yaml-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-rngom-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el6eap.noarch.rpm\neap7-smallrye-config-1.6.2-3.redhat_00004.1.el6eap.noarch.rpm\neap7-smallrye-health-2.2.0-1.redhat_00004.1.el6eap.noarch.rpm\neap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el6eap.noarch.rpm\neap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el6eap.noarch.rpm\neap7-snakeyaml-1.24.0-2.redhat_00001.1.el6eap.noarch.rpm\neap7-stax2-api-4.2.0-1.redhat_00001.1.el6eap.noarch.rpm\neap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm\neap7-txw2-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-undertow-2.0.30-3.SP3_redhat_00001.1.el6eap.noarch.rpm\neap7-undertow-server-1.6.1-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-core-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-core-impl-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-core-jsf-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-ejb-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-jta-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-probe-core-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-web-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm\neap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-elytron-tool-1.10.6-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-client-common-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-naming-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-javadocs-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm\neap7-wildfly-modules-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm\neap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-woodstox-core-6.0.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-bindings-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-policy-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-ws-security-common-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-ws-security-dom-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-ws-security-policy-stax-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-ws-security-stax-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-xsom-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14371\nhttps://access.redhat.com/security/cve/CVE-2019-0205\nhttps://access.redhat.com/security/cve/CVE-2019-0210\nhttps://access.redhat.com/security/cve/CVE-2019-10172\nhttps://access.redhat.com/security/cve/CVE-2019-12423\nhttps://access.redhat.com/security/cve/CVE-2019-14887\nhttps://access.redhat.com/security/cve/CVE-2019-17573\nhttps://access.redhat.com/security/cve/CVE-2020-1695\nhttps://access.redhat.com/security/cve/CVE-2020-1729\nhttps://access.redhat.com/security/cve/CVE-2020-1745\nhttps://access.redhat.com/security/cve/CVE-2020-1757\nhttps://access.redhat.com/security/cve/CVE-2020-6950\nhttps://access.redhat.com/security/cve/CVE-2020-7226\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10688\nhttps://access.redhat.com/security/cve/CVE-2020-10719\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXuEwDdzjgjWX9erEAQj5vA//da7dJ0mPXDfnjDddloLp4GhZFSzpMf+8\nXOA1pa8mFiDSXeJd4LoO3jDTPQnOsvnLX/4WoMFK227o+mKMWo74ArjeEg9EosT3\nYaqI77IMexUuVjBHnvKygiB8ZYCXLS3PXiC/Ods5I5Xt07uxvsu9bl328RSX2TQR\nfhD/EAbc8vopMD10off7iXSgNh320EW/2GJKhJDoXhdvkZyifc5gu9/SaDq1JH1Q\nol8FyVhdJCiDu1cqw/LBMT1J8BSJuJI+y9b7eqyQ4oZOIhpJ5BsMgcJmmLMjgnBA\nX1b1CtCJy9KbhNgLIqC+og37Bce2MDfAames/HC6wyZyryeChzhVYxhOw25YUk+W\nhBTOfQN273TIEp/Nom/SNYKrG2D9a3ki+7AeGOHRDQbfhBXeogYHftIT+h7sErAe\nEfkGoAE+pGeQiNXLDkSx6eZodxednpK4S8LoysUpkCAyl1Zfd2TjbVGyZNIcOEtO\nkCNtJ0giM7ZccXLnA+aC/X6M0c27pd8sl2eIgkBaLymEoEYW+BgdxSE5HD5hhC/p\nP6WT3nq8R5k0xmRXGXOEK2ireHIjQAfhADmv50YJv4wkbfbXADl1AImiLprgnrGI\ny2sYyVzXGC4APQZJCgUG61wZkRp8QDtnjAdfJujSzuxg3KpE/x1MQJqlnibKflUN\nuvhlMQF+ipU=W6+1\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect", "sources": [ { "db": "NVD", "id": "CVE-2020-9548" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "VULHUB", "id": "VHN-187673" }, { "db": "VULMON", "id": "CVE-2020-9548" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158048" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "158037" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "158038" }, { "db": "PACKETSTORM", "id": "159082" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-9548", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2020-002437", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159083", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159724", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202003-040", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158048", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158282", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.3558", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2287", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1440", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0828", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2050", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3065", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2042", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3703", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "NSFOCUS", "id": "46078", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "159082", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159081", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159080", "trust": 0.1 }, { "db": "CNVD", "id": "CNVD-2020-15509", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-187673", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-9548", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157741", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158037", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158047", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158038", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-187673" }, { "db": "VULMON", "id": "CVE-2020-9548" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158048" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "158037" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "158038" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-040" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "id": "VAR-202003-1782", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-187673" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:48:40.941000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Block two more gadget types (ibatis-sqlmap, anteros-core; CVE-2020-9547 / CVE-2020-9548) #2634", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2634" }, { "title": "hitachi-sec-2020-109", "trust": 0.8, "url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-109/index.html" }, { "title": "hitachi-sec-2020-109", "trust": 0.8, "url": "https://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2020-109/index.html" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=111241" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.4.1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202813 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203638 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202515 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203637 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203639 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203642 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202513 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202512 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202511 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory" }, { "title": "Red Hat: Important: Satellite 6.8 release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204366 - security advisory" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-109" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u00e2\u20ac\u201c Log Analysis", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a" }, { "title": "", "trust": 0.1, "url": "https://github.com/fairyming/cve-2020-9548 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-9548" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "CNNVD", "id": "CNNVD-202003-040" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-187673" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20200904-0006/" }, { "trust": 1.7, "url": "https://github.com/fasterxml/jackson-databind/issues/2634" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3cdev.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e" }, { "trust": 1.0, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9548" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.8, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.8, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.7, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3cdev.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.6, "url": "https://issues.jboss.org/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-6950" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-9548-cve-2020-9546-cve-2020-9547-cve-2020-8840-cve-2019-20330/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3703/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2287/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-6/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly-disclosed-vulnerability-found-in-network-performance-insight/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-affect-ibm-platform-symphony-and-ibm-spectrum-symphony-3/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3558/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2050/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0828/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158048/red-hat-security-advisory-2020-2512-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2042/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-code-execution-via-anteros-core-31738" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158282/red-hat-security-advisory-2020-2813-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1440/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/46078" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3065/" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-1729" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719" }, { "trust": 0.5, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10719" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-7226" }, { "trust": 0.4, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10688" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.4, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1729" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7226" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14371" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2018-14371" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10687" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14297" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10683" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10687" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14900" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10740" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14307" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14832" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10201" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2512" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3637" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=core.service.rhsso\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10748" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11023" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1694" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10748" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1714" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2813" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1714" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11022" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1694" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2511" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2513" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2515" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3638" } ], "sources": [ { "db": "VULHUB", "id": "VHN-187673" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158048" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "158037" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "158038" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-040" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-187673" }, { "db": "VULMON", "id": "CVE-2020-9548" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158048" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "158037" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "158038" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-040" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-02T00:00:00", "db": "VULHUB", "id": "VHN-187673" }, { "date": "2020-03-02T00:00:00", "db": "VULMON", "id": "CVE-2020-9548" }, { "date": "2020-03-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "date": "2020-05-18T16:42:53", "db": "PACKETSTORM", "id": "157741" }, { "date": "2020-06-11T16:36:20", "db": "PACKETSTORM", "id": "158048" }, { "date": "2020-09-07T16:38:23", "db": "PACKETSTORM", "id": "159081" }, { "date": "2020-07-02T15:43:25", "db": "PACKETSTORM", "id": "158282" }, { "date": "2020-06-11T16:34:17", "db": "PACKETSTORM", "id": "158037" }, { "date": "2020-06-11T16:36:11", "db": "PACKETSTORM", "id": "158047" }, { "date": "2020-06-11T16:34:25", "db": "PACKETSTORM", "id": "158038" }, { "date": "2020-09-07T16:39:28", "db": "PACKETSTORM", "id": "159082" }, { "date": "2020-03-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-040" }, { "date": "2020-03-02T04:15:11.077000", "db": "NVD", "id": "CVE-2020-9548" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-02T00:00:00", "db": "VULHUB", "id": "VHN-187673" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-9548" }, { "date": "2020-04-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-040" }, { "date": "2023-11-07T03:26:58.833000", "db": "NVD", "id": "CVE-2020-9548" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-040" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Unreliable data deserialization vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-002437" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-040" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.