var-202203-1400
Vulnerability from variot
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Description:
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
Security Fix(es):
-
chart.js: prototype pollution (CVE-2020-7746)
-
moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
-
package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)
-
artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
-
Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)
-
cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)
-
jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
-
jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)
-
jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)
-
Moment.js: Path traversal in moment.locale (CVE-2022-24785)
-
org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)
-
org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)
-
parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)
-
xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
-
eventsource: Exposure of Sensitive Information (CVE-2022-1650)
-
mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
-
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
-
node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)
-
node-forge: Signature verification leniency in checking
digestAlgorithm
structure can lead to signature forgery (CVE-2022-24771)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Red Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.
The References section of this erratum contains a download link. You must log in to download the update. Bugs fixed (https://bugzilla.redhat.com/):
2041833 - CVE-2021-23436 immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads
2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors
2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes
2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS
2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects
2066009 - CVE-2021-44906 minimist: prototype pollution
2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking digestAlgorithm
structure can lead to signature forgery
2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery
2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale
2076133 - CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor
2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information
2096966 - CVE-2020-7746 chart.js: prototype pollution
2103584 - CVE-2022-0722 parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
2107994 - CVE-2022-2458 Business-central: Possible XML External Entity Injection attack
- Description:
Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2039403 - CVE-2021-42392 h2: Remote Code Execution in Console 2040268 - CVE-2022-0225 keycloak: Stored XSS in groups dropdown 2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2101942 - CVE-2022-2256 keycloak: improper input validation permits script injection 2115392 - CVE-2022-2668 keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - noarch
- Description:
Jackson is a suite of data-processing tools for Java, including the flagship streaming JSON parser / generator library, matching data-binding library, and additional modules to process data encoded in various other data formats.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat Data Grid 8.3.1 security update Advisory ID: RHSA-2022:2232-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2022:2232 Issue date: 2022-05-12 CVE Names: CVE-2020-36518 CVE-2021-38153 CVE-2022-0084 =====================================================================
- Summary:
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.
Data Grid 8.3.1 replaces Data Grid 8.3.0 and includes bug fixes and enhancements. Find out more about Data Grid 8.3.1 in the Release Notes[3].
Security Fix(es):
-
jackson-databind: denial of service via a large depth of nested objects [jdg-8] (CVE-2020-36518)
-
kafka-clients: Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients [jdg-8] (CVE-2021-38153)
-
xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr [jdg-8] (CVE-2022-0084)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
To install this update, do the following:
- Download the Data Grid 8.3.1 Server patch from the customer portal[²].
- Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.
- Install the Data Grid 8.3.1 Server patch.
- Restart Data Grid to ensure the changes take effect.
For more information about Data Grid 8.3.1, refer to the 8.3.1 Release Notes[³]
- Bugs fixed (https://bugzilla.redhat.com/):
2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects
- References:
https://access.redhat.com/security/cve/CVE-2020-36518 https://access.redhat.com/security/cve/CVE-2021-38153 https://access.redhat.com/security/cve/CVE-2022-0084 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=securityPatches&version=8.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYn0zH9zjgjWX9erEAQhZLw/+JPEE+waFwwS+b4v4/LLIwTjtFhXPqZYP WArn7i/vjG6ktOsZU397wdlik4Sv+tmPVX+aElmXLnTALJiOsm7iWjEjuT8qPhqt c2V9xN6vEQC7V1IXdwbUQwlkt3r40XbfhsGc4KKHjA8J5fWECwkByM5ofQ4j59jO lxpIPa5yRjCV8/4p7lKAXFYMeBInZtb8i4c7pYVnA9Eq+o2bRpV9P3/ES9q8xGF8 yVBC1Gt/fDZlmDznxlzUEih4HMxmW1uwQhZFHbw6jp6D0bYCn1wWrC6y7FYUmRJ6 /13BnHV27naz+xBGuSA6EB+AKmzlA85NyIimN2h63AT8VJb2IYv0vM2JMb0JRdK0 8SAE6hYmjodKxVcqANsBRiiea3vR9GTLN71zCXP8Pmk0dsI1GK29s574QuxUpKSQ YY8vXaL0K3j35IsGzmr7AvlYCQr1d3GPFaTnnj3XK+asRDMDrFvw8sCsNjLGRgHI dzZdcjpnIi3DXsp3ic1qRbZHpd9C/3o1r7hU++/nkkNNKXjGmzU+EAutaVHXxgLO XyuIIScDVb5kNrBpH5krzqU2TA31TFz0RGN5Am6vm8zc5rGyW7iMijAAreU8icgn Vt6KDpeDYuTffOBgo9WLR7kmo4xq7w94e1rDFxmGhL2OlsJI7S9gTxMhn/lONxTy IZnZKy4mPpA= =6Kqs -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
LOG-3250 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-3252 - [release-5.4]Adding Valid Subscription Annotation
6
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1400", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.6.0" }, { "model": "financial services trade-based anti money laundering", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "communications cloud native core console", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.9.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.20.4" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.3.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications cloud native core network repository function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.2.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.25.4" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.2.0" }, { "model": "financial services trade-based anti money laundering", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "global lifecycle management nextgen oui framework", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "13.9.4.2.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "financial services analytical applications infrastructure", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.1" }, { "model": "snap creator framework", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.1" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.5.0" }, { "model": "financial services behavior detection platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.1" }, { "model": "big data spatial and graph", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "23.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0.0" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.2.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "20.12.18" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.13.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.12.6.1" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.12.1" }, { "model": "coherence", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "communications cloud native core network repository function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.2" }, { "model": "financial services crime and compliance management studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.0.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.5.0" }, { "model": "communications cloud native core service communication proxy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.2.0" }, { "model": "communications cloud native core binding support function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.3" }, { "model": "communications cloud native core security edge protection proxy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.1" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.13.2.1" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.1" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "financial services behavior detection platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.0" }, { "model": "communications cloud native core network slice selection function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.1" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.30" }, { "model": "financial services crime and compliance management studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.3.0" }, { "model": "communications cloud native core network slice selection function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.59" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.14" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0.0" }, { "model": "financial services enterprise case management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "communications billing and revenue management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.6.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.19.0" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "financial services analytical applications infrastructure", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.0" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7.0.0" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "21.12.0" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "health sciences empirica signal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1.0.5.2" }, { "model": "spatial studio", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "20.1.0" }, { "model": "cloud insights acquisition unit", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "financial services enterprise case management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.0" }, { "model": "financial services analytical applications infrastructure", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.0" }, { "model": "graph server and client", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "22.2.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12" }, { "model": "active iq unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0.0" }, { "model": "global lifecycle management nextgen oui framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.9.4.2.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.13" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.12.4.0" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.58" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36518" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.12.6.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.13.2.1", "versionStartIncluding": "2.13.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "23.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.0.6.0", "versionStartIncluding": "12.0.0.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.9.4.2.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.2.1", "versionStartIncluding": "8.1.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "20.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.18", "versionStartIncluding": "20.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.13", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.12.1", "versionStartIncluding": "21.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.14", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.2.1", "versionStartIncluding": "8.1.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.25.4", "versionStartIncluding": "18.8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.19.0", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0.0", "versionStartIncluding": "8.0.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.12.4.0", "versionStartIncluding": "20.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.20.4", "versionStartIncluding": "17.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.30", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "22.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36518" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" } ], "trust": 0.9 }, "cve": "CVE-2020-36518", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-415522", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-36518", "trust": 1.0, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-415522", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. \n\nSecurity Fix(es):\n\n* chart.js: prototype pollution (CVE-2020-7746)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* package immer before 9.0.6. A type confusion vulnerability can lead to a\nbypass of CVE-2020-28477 (CVE-2021-23436)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Business-central: Possible XML External Entity Injection attack\n(CVE-2022-2458)\n\n* cross-fetch: Exposure of Private Personal Information to an Unauthorized\nActor (CVE-2022-1365)\n\n* jackson-databind: denial of service via a large depth of nested objects\n(CVE-2020-36518)\n\n* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability\n(CVE-2022-26520)\n\n* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin\nClasses (CVE-2022-21724)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* org.drools-droolsjbpm-integration: minimist: prototype pollution\n(CVE-2021-44906)\n\n* org.kie.workbench-kie-wb-common: minimist: prototype pollution\n(CVE-2021-44906)\n\n* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in\nGitHub repository ionicabizau/parse-url (CVE-2022-0722)\n\n* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML\ndocument payloads (CVE-2022-23437)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows a high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Connectors (CVE-2022-21363)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* node-forge: Signature verification failing to check tailing garbage bytes\ncan lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm`\nstructure can lead to signature forgery (CVE-2022-24771)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor on-premise installations, before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on. \n\nRed Hat recommends that you halt the server by stopping the JBoss\nApplication Server process before installing this update. After installing\nthe update, restart the server by starting the JBoss Application Server\nprocess. \n\nThe References section of this erratum contains a download link. You must\nlog in to download the update. Bugs fixed (https://bugzilla.redhat.com/):\n\n2041833 - CVE-2021-23436 immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads\n2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors\n2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes\n2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS\n2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2066009 - CVE-2021-44906 minimist: prototype pollution\n2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery\n2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery\n2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale\n2076133 - CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor\n2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information\n2096966 - CVE-2020-7746 chart.js: prototype pollution\n2103584 - CVE-2022-0722 parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2107994 - CVE-2022-2458 Business-central: Possible XML External Entity Injection attack\n\n5. Description:\n\nRed Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling\n2039403 - CVE-2021-42392 h2: Remote Code Execution in Console\n2040268 - CVE-2022-0225 keycloak: Stored XSS in groups dropdown\n2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled\n2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2101942 - CVE-2022-2256 keycloak: improper input validation permits script injection\n2115392 - CVE-2022-2668 keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console\n\n6. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - noarch\n\n3. Description:\n\nJackson is a suite of data-processing tools for Java, including the\nflagship streaming JSON parser / generator library, matching data-binding\nlibrary, and additional modules to process data encoded in various other\ndata formats. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 9.2 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Data Grid 8.3.1 security update\nAdvisory ID: RHSA-2022:2232-01\nProduct: Red Hat JBoss Data Grid\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:2232\nIssue date: 2022-05-12\nCVE Names: CVE-2020-36518 CVE-2021-38153 CVE-2022-0084 \n=====================================================================\n\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n \nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. \nIt increases application response times and allows for dramatically\nimproving performance while providing availability, reliability, and\nelastic scale. \n \nData Grid 8.3.1 replaces Data Grid 8.3.0 and includes bug fixes and\nenhancements. Find out more about Data Grid 8.3.1 in the Release Notes[3]. \n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects\n[jdg-8] (CVE-2020-36518)\n\n* kafka-clients: Kafka: Timing Attack Vulnerability for Apache Kafka\nConnect and Clients [jdg-8] (CVE-2021-38153)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of\nstderr [jdg-8] (CVE-2022-0084)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n \n1. Download the Data Grid 8.3.1 Server patch from the customer portal[\u00b2]. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 8.3.1 Server patch. \n4. Restart Data Grid to ensure the changes take effect. \n\nFor more information about Data Grid 8.3.1, refer to the 8.3.1 Release\nNotes[\u00b3]\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients\n2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-36518\nhttps://access.redhat.com/security/cve/CVE-2021-38153\nhttps://access.redhat.com/security/cve/CVE-2022-0084\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=8.3\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYn0zH9zjgjWX9erEAQhZLw/+JPEE+waFwwS+b4v4/LLIwTjtFhXPqZYP\nWArn7i/vjG6ktOsZU397wdlik4Sv+tmPVX+aElmXLnTALJiOsm7iWjEjuT8qPhqt\nc2V9xN6vEQC7V1IXdwbUQwlkt3r40XbfhsGc4KKHjA8J5fWECwkByM5ofQ4j59jO\nlxpIPa5yRjCV8/4p7lKAXFYMeBInZtb8i4c7pYVnA9Eq+o2bRpV9P3/ES9q8xGF8\nyVBC1Gt/fDZlmDznxlzUEih4HMxmW1uwQhZFHbw6jp6D0bYCn1wWrC6y7FYUmRJ6\n/13BnHV27naz+xBGuSA6EB+AKmzlA85NyIimN2h63AT8VJb2IYv0vM2JMb0JRdK0\n8SAE6hYmjodKxVcqANsBRiiea3vR9GTLN71zCXP8Pmk0dsI1GK29s574QuxUpKSQ\nYY8vXaL0K3j35IsGzmr7AvlYCQr1d3GPFaTnnj3XK+asRDMDrFvw8sCsNjLGRgHI\ndzZdcjpnIi3DXsp3ic1qRbZHpd9C/3o1r7hU++/nkkNNKXjGmzU+EAutaVHXxgLO\nXyuIIScDVb5kNrBpH5krzqU2TA31TFz0RGN5Am6vm8zc5rGyW7iMijAAreU8icgn\nVt6KDpeDYuTffOBgo9WLR7kmo4xq7w94e1rDFxmGhL2OlsJI7S9gTxMhn/lONxTy\nIZnZKy4mPpA=\n=6Kqs\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-3250 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. \nLOG-3252 - [release-5.4]Adding Valid Subscription Annotation\n\n6", "sources": [ { "db": "NVD", "id": "CVE-2020-36518" }, { "db": "VULHUB", "id": "VHN-415522" }, { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" } ], "trust": 1.8 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-415522", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-36518", "trust": 2.0 }, { "db": "PACKETSTORM", "id": "169920", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "169728", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "168333", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "169725", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "167157", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "169729", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "168631", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "168646", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170179", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170602", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167842", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167841", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170162", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169727", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167579", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169926", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167422", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167423", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167523", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167424", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-415522", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168638", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "172220", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "id": "VAR-202203-1400", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-415522" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T22:05:19.247000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20220506-0004/" }, { "trust": 1.1, "url": "https://www.debian.org/security/2022/dsa-5283" }, { "trust": 1.1, "url": "https://github.com/fasterxml/jackson-databind/issues/2816" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518" }, { "trust": 0.9, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2020-36518" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.9, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.6, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0084" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2022-0084" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0225" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2668" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-0866" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-2668" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-43797" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-0225" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42392" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0866" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43797" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-42392" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-38153" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38153" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22137" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3629" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27223" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22132" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28164" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28165" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-40690" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2471" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22132" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20289" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6407" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3629" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3520" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3520" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-2471" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20289" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37714" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27223" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version=2022-q3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22137" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24771" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23913" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23437" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-31129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-21724" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23436" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-21363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7746" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1365" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0722" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0235" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23436" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1365" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24785" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1650" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26520" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23437" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23913" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24771" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2458" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21363" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6813" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2458" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24772" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21724" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0722" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1650" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2256" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2256" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6782" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:2312" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7410" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7409" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7411" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.grid\u0026downloadtype=securitypatches\u0026version=8.3" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:2232" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35525" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22624" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22662" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3709" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-42004" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7435" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26709" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2509" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-32149" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1304" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-3515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-42003" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2509" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-30293" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26716" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22628" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22629" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26700" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26717" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-37434" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-40674" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35527" } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-11T00:00:00", "db": "VULHUB", "id": "VHN-415522" }, { "date": "2022-09-09T16:15:16", "db": "PACKETSTORM", "id": "168333" }, { "date": "2022-10-06T12:37:43", "db": "PACKETSTORM", "id": "168638" }, { "date": "2022-10-05T14:27:31", "db": "PACKETSTORM", "id": "168631" }, { "date": "2023-05-09T15:20:56", "db": "PACKETSTORM", "id": "172220" }, { "date": "2022-11-04T13:44:06", "db": "PACKETSTORM", "id": "169729" }, { "date": "2022-11-04T13:43:56", "db": "PACKETSTORM", "id": "169728" }, { "date": "2022-11-04T13:43:17", "db": "PACKETSTORM", "id": "169725" }, { "date": "2022-05-12T16:34:47", "db": "PACKETSTORM", "id": "167157" }, { "date": "2022-11-17T13:23:05", "db": "PACKETSTORM", "id": "169920" }, { "date": "2022-03-11T07:15:07.800000", "db": "NVD", "id": "CVE-2020-36518" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-11-29T00:00:00", "db": "VULHUB", "id": "VHN-415522" }, { "date": "2022-11-29T22:12:38.183000", "db": "NVD", "id": "CVE-2020-36518" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat Security Advisory 2022-6407-01", "sources": [ { "db": "PACKETSTORM", "id": "168333" } ], "trust": 0.1 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution, xss", "sources": [ { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" } ], "trust": 0.4 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.