var-202301-0598
Vulnerability from variot

Improper, overly lax permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.

We recommend that users upgrade to MIME4J version 0.8.9 or later. Apache James MIME4J contains a vulnerability involving plaintext storage of important information. Information may be obtained.

=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 7 security update
Advisory ID: RHSA-2023:1512-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1512
Issue date: 2023-03-29
CVE Names: CVE-2022-1471 CVE-2022-4492 CVE-2022-38752 CVE-2022-41853 CVE-2022-41854 CVE-2022-41881 CVE-2022-45787 CVE-2023-0482 CVE-2023-1108
=====================================================================

  1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  2. Relevant releases/architectures:

Red Hat JBoss EAP 7.4 for RHEL 7 Server - noarch, x86_64

  3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)

  • hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)

  • Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)

  • undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)

  • snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)

  • dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)

  • codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)

  • apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)

  • RESTEasy: creation of insecure temp files (CVE-2023-0482)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  5. Bugs fixed (https://bugzilla.redhat.com/):

2129710 - CVE-2022-38752 snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode
2136141 - CVE-2022-41853 hsqldb: Untrusted input may lead to RCE attack
2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution
2151988 - CVE-2022-41854 dev-java/snakeyaml: DoS via stack overflow
2153260 - CVE-2022-4492 undertow: Server identity in https connection is not checked by the undertow client
2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS
2158916 - CVE-2022-45787 apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider
2166004 - CVE-2023-0482 RESTEasy: creation of insecure temp files
2174246 - CVE-2023-1108 Undertow: Infinite loop in SslConduit during close

  6. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-23572 - (7.4.z) Upgrade jbossws-spi from 3.3.1.Final-redhat-00001 to 3.4.0.Final-redhat-00001
JBEAP-24120 - Tracker bug for the EAP 7.4.10 release for RHEL-7
JBEAP-24172 - (7.4.z) Upgrade jbossws-cxf from 5.4.4.Final-redhat-00001 to 5.4.8.Final-redhat-00001
JBEAP-24182 - (7.4.z) Upgrade wildfly-http-ejb-client from 1.1.13.SP1-redhat-00001 to 1.1.16.Final-redhat-00002
JBEAP-24220 - [GSS](7.4.z) Upgrade JBoss Metadata from 13.0.0.Final-redhat-00001 to 13.4.0.Final-redhat-00001
JBEAP-24254 - JDK17, CLI script to update security doesn't apply to microprofile
JBEAP-24292 - (7.4.z) Upgrade Artemis Native from 1.0.2.redhat-00001 to 1.0.2.redhat-00004
JBEAP-24339 - (7.4.z) Upgrade Undertow from 2.2.22.SP3-redhat-00001 to 2.2.23.SP1
JBEAP-24341 - (7.4.z) Upgrade Ironjacamar from 1.5.10.Final-redhat-00001 to 1.5.11.Final-redhat-00001
JBEAP-24363 - (7.4.z) Upgrade org.jboss.spec.javax.el:jboss-el-api_3.0_spec from 2.0.0.Final-redhat-00001 to 2.0.1.Final
JBEAP-24372 - (7.4.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00011 to 2.5.5.SP12-redhat-00012
JBEAP-24380 - (7.4.z) Upgrade jastow from 2.0.11.Final-redhat-00001 to 2.0.14.Final-redhat-00001
JBEAP-24383 - [GSS](7.4.z) Upgrade artemis-wildfly-integration from 1.0.4 to 1.0.7
JBEAP-24384 - (7.4.z) Upgrade netty from 4.1.77.Final-redhat-00001 to 4.1.86.Final
JBEAP-24385 - (7.4.z) Upgrade WildFly Core from 15.0.22.Final-redhat-00001 to 15.0.23.Final-redhat-00001
JBEAP-24395 - [GSS](7.4.z) Upgrade jboss-ejb-client from 4.0.49.Final-redhat-00001 to 4.0.50.Final
JBEAP-24507 - (7.4.z) RESTEASY-3285 Upgrade resteasy 3.15.x to mime4j 0.8.9
JBEAP-24535 - [GSS](7.4.z) UNDERTOW-2239 - Infinite loop in SslConduit during close on JDK 11
JBEAP-24574 - [PST](7.4.z) Upgrade snakeyaml from 1.33.0.redhat-00001 to 1.33.SP1.redhat-00001
JBEAP-24588 - [GSS](7.4.z) RHEL9 rpms: yum groupinstall jboss-eap7 installing JDK11 instead of JDK8 with EAP 7.4 Update 9
JBEAP-24605 - [PST](7.4.z) Upgrade undertow from 2.2.23.SP1-redhat-00001 to 2.2.23.SP2
JBEAP-24618 - (7.4.z) Upgrade WildFly Core from 15.0.23.Final-redhat-00001 to 15.0.25.Final-redhat-00001

  7. Package List:

Red Hat JBoss EAP 7.4 for RHEL 7 Server:

Source:
eap7-activemq-artemis-native-1.0.2-3.redhat_00004.1.el7eap.src.rpm
eap7-apache-mime4j-0.8.9-1.redhat_00001.1.el7eap.src.rpm
eap7-artemis-native-1.0.2-4.redhat_00004.1.el7eap.src.rpm
eap7-artemis-wildfly-integration-1.0.7-1.redhat_00001.1.el7eap.src.rpm
eap7-infinispan-11.0.17-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-ironjacamar-1.5.11-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jboss-ejb-client-4.0.50-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jboss-el-api_3.0_spec-2.0.1-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jboss-metadata-13.4.0-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jboss-server-migration-1.10.0-26.Final_redhat_00025.1.el7eap.src.rpm
eap7-jbossws-cxf-5.4.8-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jbossws-spi-3.4.0-2.Final_redhat_00001.1.el7eap.src.rpm
eap7-netty-4.1.86-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-netty-transport-native-epoll-4.1.86-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-picketlink-federation-2.5.5-22.SP12_redhat_00012.1.el7eap.src.rpm
eap7-resteasy-3.15.5-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-snakeyaml-1.33.0-2.SP1_redhat_00001.1.el7eap.src.rpm
eap7-undertow-2.2.23-1.SP2_redhat_00001.1.el7eap.src.rpm
eap7-undertow-jastow-2.0.14-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-wildfly-7.4.10-6.GA_redhat_00002.1.el7eap.src.rpm
eap7-wildfly-http-client-1.1.16-1.Final_redhat_00002.1.el7eap.src.rpm

noarch:
eap7-activemq-artemis-native-1.0.2-3.redhat_00004.1.el7eap.noarch.rpm
eap7-apache-mime4j-0.8.9-1.redhat_00001.1.el7eap.noarch.rpm
eap7-artemis-wildfly-integration-1.0.7-1.redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-cachestore-jdbc-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-cachestore-remote-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-client-hotrod-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-commons-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-component-annotations-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-core-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-hibernate-cache-commons-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-hibernate-cache-spi-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-hibernate-cache-v53-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-api-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-impl-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-spi-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-core-api-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-core-impl-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-deployers-common-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-jdbc-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-validator-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-ejb-client-4.0.50-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-el-api_3.0_spec-2.0.1-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-metadata-13.4.0-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-metadata-appclient-13.4.0-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-metadata-common-13.4.0-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-metadata-ear-13.4.0-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-metadata-ejb-13.4.0-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-metadata-web-13.4.0-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-server-migration-1.10.0-26.Final_redhat_00025.1.el7eap.noarch.rpm
eap7-jboss-server-migration-cli-1.10.0-26.Final_redhat_00025.1.el7eap.noarch.rpm
eap7-jboss-server-migration-core-1.10.0-26.Final_redhat_00025.1.el7eap.noarch.rpm
eap7-jbossws-cxf-5.4.8-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jbossws-spi-3.4.0-2.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-all-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-buffer-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-dns-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-haproxy-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-http-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-http2-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-memcache-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-mqtt-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-redis-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-smtp-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-socks-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-stomp-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-xml-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-common-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-handler-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-handler-proxy-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-resolver-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-resolver-dns-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-resolver-dns-classes-macos-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-transport-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-transport-classes-epoll-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-transport-classes-kqueue-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-transport-native-unix-common-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-transport-rxtx-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-transport-sctp-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-transport-udt-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-picketlink-api-2.5.5-22.SP12_redhat_00012.1.el7eap.noarch.rpm
eap7-picketlink-common-2.5.5-22.SP12_redhat_00012.1.el7eap.noarch.rpm
eap7-picketlink-config-2.5.5-22.SP12_redhat_00012.1.el7eap.noarch.rpm
eap7-picketlink-federation-2.5.5-22.SP12_redhat_00012.1.el7eap.noarch.rpm
eap7-picketlink-idm-api-2.5.5-22.SP12_redhat_00012.1.el7eap.noarch.rpm
eap7-picketlink-idm-impl-2.5.5-22.SP12_redhat_00012.1.el7eap.noarch.rpm
eap7-picketlink-idm-simple-schema-2.5.5-22.SP12_redhat_00012.1.el7eap.noarch.rpm
eap7-picketlink-impl-2.5.5-22.SP12_redhat_00012.1.el7eap.noarch.rpm
eap7-resteasy-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-atom-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-cdi-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-client-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-crypto-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jackson-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jackson2-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jaxb-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jaxrs-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jettison-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jose-jwt-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jsapi-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-json-binding-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-json-p-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-multipart-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-rxjava2-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-spring-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-validator-provider-11-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-yaml-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-snakeyaml-1.33.0-2.SP1_redhat_00001.1.el7eap.noarch.rpm
eap7-undertow-2.2.23-1.SP2_redhat_00001.1.el7eap.noarch.rpm
eap7-undertow-jastow-2.0.14-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-7.4.10-6.GA_redhat_00002.1.el7eap.noarch.rpm
eap7-wildfly-http-client-common-1.1.16-1.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-wildfly-http-ejb-client-1.1.16-1.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-wildfly-http-naming-client-1.1.16-1.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-wildfly-http-transaction-client-1.1.16-1.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-wildfly-java-jdk11-7.4.10-6.GA_redhat_00002.1.el7eap.noarch.rpm
eap7-wildfly-java-jdk8-7.4.10-6.GA_redhat_00002.1.el7eap.noarch.rpm
eap7-wildfly-javadocs-7.4.10-6.GA_redhat_00002.1.el7eap.noarch.rpm
eap7-wildfly-modules-7.4.10-6.GA_redhat_00002.1.el7eap.noarch.rpm

x86_64:
eap7-artemis-native-1.0.2-4.redhat_00004.1.el7eap.x86_64.rpm
eap7-artemis-native-debuginfo-1.0.2-4.redhat_00004.1.el7eap.x86_64.rpm
eap7-artemis-native-wildfly-1.0.2-4.redhat_00004.1.el7eap.x86_64.rpm
eap7-netty-transport-native-epoll-4.1.86-1.Final_redhat_00001.1.el7eap.x86_64.rpm
eap7-netty-transport-native-epoll-debuginfo-4.1.86-1.Final_redhat_00001.1.el7eap.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  8. References:

https://access.redhat.com/security/cve/CVE-2022-1471
https://access.redhat.com/security/cve/CVE-2022-4492
https://access.redhat.com/security/cve/CVE-2022-38752
https://access.redhat.com/security/cve/CVE-2022-41853
https://access.redhat.com/security/cve/CVE-2022-41854
https://access.redhat.com/security/cve/CVE-2022-41881
https://access.redhat.com/security/cve/CVE-2022-45787
https://access.redhat.com/security/cve/CVE-2023-0482
https://access.redhat.com/security/cve/CVE-2023-1108
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

  9. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

You can also manage user accounts for web applications, mobile applications, and RESTful web services.

Description:

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

Bugs fixed (https://bugzilla.redhat.com/):

2158916 - CVE-2022-45787 apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider
2163533 - CVE-2023-0481 quarkus: insecure permissions on temp files
2166004 - CVE-2023-0482 RESTEasy: creation of insecure temp files
2174854 - CVE-2023-26053 gradle: usage of long IDs for PGP keys is unsafe and is subject to collision attacks
2180886 - CVE-2023-1584 quarkus-oidc: ID and access tokens leak via the authorization code flow
2181977 - CVE-2023-28867 graphql-java: crafted GraphQL query causes stack consumption
2182788 - CVE-2023-1436 jettison: Uncontrolled Recursion in JSONArray
2211026 - CVE-2023-2974 quarkus-core: TLS protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported TLS protocol

  1. JIRA issues fixed (https://issues.redhat.com/):

QUARKUS-2672 - Infinispan client is not aligned with newly released Red Hat Data Grid 8.4
QUARKUS-2787 - Rest Data Panache: Correct Open API integration
QUARKUS-2846 - Ensure that new line chars don't break Panache projection
QUARKUS-2978 - ExceptionMapper is not working in DEV mode
QUARKUS-3158 - Do not create session and PKCE encryption keys if only bearer tokens are expected
QUARKUS-3159 - 2.13: Do not support any Origin by default if CORS is enabled
QUARKUS-3161 - Fix security-csrf-prevention.adoc
QUARKUS-3164 - Logging with Panache: fix LocalVariablesSorter usage
QUARKUS-3167 - Make SDKMAN releases minor for maintenance and preview releases
QUARKUS-3168 - Backport Ensure that ConfigBuilder classes work in native mode to 2.13
QUARKUS-3169 - New home for Narayana LRA coordinator Docker images
QUARKUS-3170 - Fix truststore REST Client config when password is not set
QUARKUS-3173 - Reinitialize sun.security.pkcs11.P11Util at runtime
QUARKUS-3174 - Prevent SSE writing from potentially causing accumulation of headers
QUARKUS-3175 - Filter out RESTEasy related warning in ProviderConfigInjectionWarningsTest
QUARKUS-3176 - Make sure parent modules are loaded into workspace before those that depend on them
QUARKUS-3177 - Fix copy paste error in qute docs
QUARKUS-3178 - Pass --userns=keep-id to podman only when in rootless mode
QUARKUS-3179 - Fix stuck HTTP2 request when sent challenge has resumed request
QUARKUS-3181 - Make sure quarkus:go-offline properly supports test scoped dependencies
QUARKUS-3184 - Use SchemaType.ARRAY instead of "ARRAY" for native support
QUARKUS-3185 - Simplify logic in create-app.adoc and allow to define stream
QUARKUS-3187 - Allow context propagation for OpenTelemetry
QUARKUS-3188 - Fix RestAssured URL handling and unexpected restarts in QuarkusProdModeTest
QUARKUS-3191 - Drop ':z' bind option when using MacOS and Podman
QUARKUS-3194 - Exclude Netty's reflection configuration files
QUARKUS-3195 - Integrate the api dependency from Infinispan 14 (#ISPN-14268)
QUARKUS-3205 - Missing JARs and other discrepancies related to xpp3 dependency in 2.13.8



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202301-0598",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "james",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.8.9"
      },
      {
        "model": "hitachi ops center common services",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "james",
        "scope": null,
        "trust": 0.8,
        "vendor": "apache",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001784"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-45787"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:james:*:*:*:*:mime4j:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.8.9",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-45787"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "171600"
      },
      {
        "db": "PACKETSTORM",
        "id": "171593"
      },
      {
        "db": "PACKETSTORM",
        "id": "171664"
      },
      {
        "db": "PACKETSTORM",
        "id": "172284"
      },
      {
        "db": "PACKETSTORM",
        "id": "172281"
      },
      {
        "db": "PACKETSTORM",
        "id": "172265"
      },
      {
        "db": "PACKETSTORM",
        "id": "173213"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2022-45787",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-45787",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-45787",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202301-447",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001784"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-447"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-45787"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. \n\nWe recommend users to upgrade to MIME4j version 0.8.9 or later. Apache James MIME4J There is a vulnerability in plaintext storage of important information.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 7 security update\nAdvisory ID:       RHSA-2023:1512-01\nProduct:           Red Hat JBoss Enterprise Application Platform\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:1512\nIssue date:        2023-03-29\nCVE Names:         CVE-2022-1471 CVE-2022-4492 CVE-2022-38752 \n                   CVE-2022-41853 CVE-2022-41854 CVE-2022-41881 \n                   CVE-2022-45787 CVE-2023-0482 CVE-2023-1108 \n=====================================================================\n\n1. Summary:\n\nA security update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.4 for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.4 for RHEL 7 Server - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. 
\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.4.10 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* SnakeYaml: Constructor Deserialization Remote Code Execution\n(CVE-2022-1471)\n\n* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* undertow: Server identity in https connection is not checked by the\nundertow client (CVE-2022-4492)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode\n(CVE-2022-38752)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS\n(CVE-2022-41881)\n\n* apache-james-mime4j: Temporary File Information Disclosure in MIME4J\nTempFileStorageProvider (CVE-2022-45787)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2129710 - CVE-2022-38752 snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode\n2136141 - CVE-2022-41853 hsqldb: Untrusted input may lead to RCE attack\n2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution\n2151988 - CVE-2022-41854 dev-java/snakeyaml: DoS via stack overflow\n2153260 - CVE-2022-4492 undertow: Server identity in https connection is not checked by the undertow client\n2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS\n2158916 - CVE-2022-45787 apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider\n2166004 - CVE-2023-0482 RESTEasy: creation of insecure temp files\n2174246 - CVE-2023-1108 Undertow: Infinite loop in SslConduit during close\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-23572 - (7.4.z) Upgrade jbossws-spi from 3.3.1.Final-redhat-00001 to 3.4.0.Final-redhat-00001\nJBEAP-24120 - Tracker bug for the EAP 7.4.10 release for RHEL-7\nJBEAP-24172 - (7.4.z) Upgrade jbossws-cxf from 5.4.4.Final-redhat-00001 to 5.4.8.Final-redhat-00001\nJBEAP-24182 - (7.4.z) Upgrade wildfly-http-ejb-client from 1.1.13.SP1-redhat-00001 to 1.1.16.Final-redhat-00002\nJBEAP-24220 - [GSS](7.4.z) Upgrade JBoss Metadata from 13.0.0.Final-redhat-00001 to 13.4.0.Final-redhat-00001\nJBEAP-24254 - JDK17, CLI script to update security doesn\u0027t apply to microprofile\nJBEAP-24292 - (7.4.z) Upgrade Artemis Native from 1.0.2.redhat-00001 to 1.0.2.redhat-00004\nJBEAP-24339 - (7.4.z) Upgrade Undertow from 2.2.22.SP3-redhat-00001 to 2.2.23.SP1\nJBEAP-24341 - (7.4.z) Upgrade Ironjacamar from 1.5.10.Final-redhat-00001 to 1.5.11.Final-redhat-00001\nJBEAP-24363 - (7.4.z) Upgrade org.jboss.spec.javax.el:jboss-el-api_3.0_spec from 2.0.0.Final-redhat-00001 to 2.0.1.Final\nJBEAP-24372 - (7.4.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00011 to 2.5.5.SP12-redhat-00012\nJBEAP-24380 - (7.4.z) Upgrade jastow from 
2.0.11.Final-redhat-00001 to 2.0.14.Final-redhat-00001\nJBEAP-24383 - [GSS](7.4.z) Upgrade artemis-wildfly-integration from 1.0.4 to 1.0.7\nJBEAP-24384 - (7.4.z) Upgrade netty from 4.1.77.Final-redhat-00001 to 4.1.86.Final\nJBEAP-24385 - (7.4.z) Upgrade WildFly Core from 15.0.22.Final-redhat-00001 to 15.0.23.Final-redhat-00001\nJBEAP-24395 - [GSS](7.4.z) Upgrade jboss-ejb-client from 4.0.49.Final-redhat-00001 to 4.0.50.Final\nJBEAP-24507 - (7.4.z) RESTEASY-3285 Upgrade resteasy 3.15.x to mime4j 0.8.9\nJBEAP-24535 - [GSS](7.4.z) UNDERTOW-2239 - Infinite loop in `SslConduit` during close on JDK 11\nJBEAP-24574 - [PST](7.4.z) Upgrade snakeyaml from 1.33.0.redhat-00001 to 1.33.SP1.redhat-00001\nJBEAP-24588 - [GSS](7.4.z) RHEL9 rpms: yum groupinstall jboss-eap7 installing JDK11 instead of JDK8 with EAP 7.4 Update 9\nJBEAP-24605 - [PST](7.4.z) Upgrade undertow from 2.2.23.SP1-redhat-00001 to 2.2.23.SP2\nJBEAP-24618 - (7.4.z) Upgrade WildFly Core from 15.0.23.Final-redhat-00001 to 15.0.25.Final-redhat-00001\n\n7. 
Package List:\n\nRed Hat JBoss EAP 7.4 for RHEL 7 Server:\n\nSource:\neap7-activemq-artemis-native-1.0.2-3.redhat_00004.1.el7eap.src.rpm\neap7-apache-mime4j-0.8.9-1.redhat_00001.1.el7eap.src.rpm\neap7-artemis-native-1.0.2-4.redhat_00004.1.el7eap.src.rpm\neap7-artemis-wildfly-integration-1.0.7-1.redhat_00001.1.el7eap.src.rpm\neap7-infinispan-11.0.17-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-ironjacamar-1.5.11-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-ejb-client-4.0.50-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-el-api_3.0_spec-2.0.1-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-metadata-13.4.0-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-server-migration-1.10.0-26.Final_redhat_00025.1.el7eap.src.rpm\neap7-jbossws-cxf-5.4.8-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jbossws-spi-3.4.0-2.Final_redhat_00001.1.el7eap.src.rpm\neap7-netty-4.1.86-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-netty-transport-native-epoll-4.1.86-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-picketlink-federation-2.5.5-22.SP12_redhat_00012.1.el7eap.src.rpm\neap7-resteasy-3.15.5-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-snakeyaml-1.33.0-2.SP1_redhat_00001.1.el7eap.src.rpm\neap7-undertow-2.2.23-1.SP2_redhat_00001.1.el7eap.src.rpm\neap7-undertow-jastow-2.0.14-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-7.4.10-6.GA_redhat_00002.1.el7eap.src.rpm\neap7-wildfly-http-client-1.1.16-1.Final_redhat_00002.1.el7eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-native-1.0.2-3.redhat_00004.1.el7eap.noarch.rpm\neap7-apache-mime4j-0.8.9-1.redhat_00001.1.el7eap.noarch.rpm\neap7-artemis-wildfly-integration-1.0.7-1.redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-cachestore-remote-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-client-hotrod-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-commons-11.0.17-
1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-component-annotations-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-core-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-11.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-api-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-impl-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-spi-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-core-api-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-core-impl-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-deployers-common-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-jdbc-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-validator-1.5.11-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-ejb-client-4.0.50-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-el-api_3.0_spec-2.0.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-metadata-13.4.0-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-metadata-appclient-13.4.0-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-metadata-common-13.4.0-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-metadata-ear-13.4.0-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-metadata-ejb-13.4.0-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-metadata-web-13.4.0-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-server-migration-1.10.0-26.Final_redhat_00025.1.el7eap.noarch.rpm\neap7-jboss-server-migration-cli-1.10.0-26.Final_redhat_00025.1.el7eap.noarch.rpm\neap7-jboss-server-migration-core-1.10.0-26.Final_redhat_00025.1.el7eap.noarch.rpm\neap7-jbossws-cxf-5.4.8-1.F
inal_redhat_00001.1.el7eap.noarch.rpm\neap7-jbossws-spi-3.4.0-2.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-all-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-buffer-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-dns-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-haproxy-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-http-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-http2-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-memcache-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-mqtt-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-redis-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-smtp-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-socks-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-stomp-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-xml-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-common-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-handler-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-handler-proxy-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-resolver-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-resolver-dns-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-resolver-dns-classes-macos-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-classes-epoll-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-classes-kqueue-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-native-unix-common-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-rxtx-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-net
ty-transport-sctp-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-udt-4.1.86-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-picketlink-api-2.5.5-22.SP12_redhat_00012.1.el7eap.noarch.rpm\neap7-picketlink-common-2.5.5-22.SP12_redhat_00012.1.el7eap.noarch.rpm\neap7-picketlink-config-2.5.5-22.SP12_redhat_00012.1.el7eap.noarch.rpm\neap7-picketlink-federation-2.5.5-22.SP12_redhat_00012.1.el7eap.noarch.rpm\neap7-picketlink-idm-api-2.5.5-22.SP12_redhat_00012.1.el7eap.noarch.rpm\neap7-picketlink-idm-impl-2.5.5-22.SP12_redhat_00012.1.el7eap.noarch.rpm\neap7-picketlink-idm-simple-schema-2.5.5-22.SP12_redhat_00012.1.el7eap.noarch.rpm\neap7-picketlink-impl-2.5.5-22.SP12_redhat_00012.1.el7eap.noarch.rpm\neap7-resteasy-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-atom-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-cdi-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-client-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-crypto-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jackson-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jackson2-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jaxb-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jaxrs-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jettison-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jose-jwt-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jsapi-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-json-binding-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-json-p-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-multipart-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-rxjava2-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-spring-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-v
alidator-provider-11-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-yaml-provider-3.15.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-snakeyaml-1.33.0-2.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-undertow-2.2.23-1.SP2_redhat_00001.1.el7eap.noarch.rpm\neap7-undertow-jastow-2.0.14-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-7.4.10-6.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-http-client-common-1.1.16-1.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.1.16-1.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-http-naming-client-1.1.16-1.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.1.16-1.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk11-7.4.10-6.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk8-7.4.10-6.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-javadocs-7.4.10-6.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-modules-7.4.10-6.GA_redhat_00002.1.el7eap.noarch.rpm\n\nx86_64:\neap7-artemis-native-1.0.2-4.redhat_00004.1.el7eap.x86_64.rpm\neap7-artemis-native-debuginfo-1.0.2-4.redhat_00004.1.el7eap.x86_64.rpm\neap7-artemis-native-wildfly-1.0.2-4.redhat_00004.1.el7eap.x86_64.rpm\neap7-netty-transport-native-epoll-4.1.86-1.Final_redhat_00001.1.el7eap.x86_64.rpm\neap7-netty-transport-native-epoll-debuginfo-4.1.86-1.Final_redhat_00001.1.el7eap.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-1471\nhttps://access.redhat.com/security/cve/CVE-2022-4492\nhttps://access.redhat.com/security/cve/CVE-2022-38752\nhttps://access.redhat.com/security/cve/CVE-2022-41853\nhttps://access.redhat.com/security/cve/CVE-2022-41854\nhttps://access.redhat.com/security/cve/CVE-2022-41881\nhttps://access.redhat.com/security/cve/CVE-2022-45787\nhttps://access.redhat.com/security/cve/CVE-2023-0482\nhttps://access.redhat.com/security/cve/CVE-2023-1108\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 
You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices. Description:\n\nRed Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2158916 - CVE-2022-45787 apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider\n2163533 - CVE-2023-0481 quarkus: insecure permissions on temp files\n2166004 - CVE-2023-0482 RESTEasy: creation of insecure temp files\n2174854 - CVE-2023-26053 gradle: usage of long IDs for PGP keys is unsafe and is subject to collision attacks\n2180886 - CVE-2023-1584 quarkus-oidc: ID and access tokens leak via the authorization code flow\n2181977 - CVE-2023-28867 graphql-java: crafted GraphQL query causes stack consumption\n2182788 - CVE-2023-1436 jettison: Uncontrolled Recursion in JSONArray\n2211026 - CVE-2023-2974 quarkus-core: TLS protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported TLS protocol\n\n5. 
JIRA issues fixed (https://issues.redhat.com/):\n\nQUARKUS-2672 - Infinispan client is not aligned with newly released Red Hat Data Grid 8.4\nQUARKUS-2787 - Rest Data Panache: Correct Open API integration\nQUARKUS-2846 - Ensure that new line chars don\u0027t break Panache projection\nQUARKUS-2978 - ExceptionMapper\u003cWebApplicationException\u003e is not working in DEV mode\nQUARKUS-3158 - Do not create session and PKCE encryption keys if only bearer tokens are expected\nQUARKUS-3159 - 2.13: Do not support any Origin by default if CORS is enabled\nQUARKUS-3161 - Fix security-csrf-prevention.adoc\nQUARKUS-3164 - Logging with Panache: fix LocalVariablesSorter usage\nQUARKUS-3167 - Make SDKMAN releases minor for maintenance and preview releases\nQUARKUS-3168 - Backport Ensure that ConfigBuilder classes work in native mode to 2.13\nQUARKUS-3169 - New home for Narayana LRA coordinator Docker images\nQUARKUS-3170 - Fix truststore REST Client config when password is not set\nQUARKUS-3173 - Reinitialize sun.security.pkcs11.P11Util at runtime\nQUARKUS-3174 - Prevent SSE writing from potentially causing accumulation of headers\nQUARKUS-3175 - Filter out RESTEasy related warning in ProviderConfigInjectionWarningsTest\nQUARKUS-3176 - Make sure parent modules are loaded into workspace before those that depend on them\nQUARKUS-3177 - Fix copy paste error in qute docs\nQUARKUS-3178 - Pass `--userns=keep-id` to podman only when in rootless mode\nQUARKUS-3179 - Fix stuck HTTP2 request when sent challenge has resumed request\nQUARKUS-3181 - Make sure quarkus:go-offline properly supports test scoped dependencies\nQUARKUS-3184 - Use SchemaType.ARRAY instead of \"ARRAY\" for native support\nQUARKUS-3185 - Simplify logic in create-app.adoc and allow to define stream\nQUARKUS-3187 - Allow context propagation for OpenTelemetry\nQUARKUS-3188 - Fix RestAssured URL handling and unexpected restarts in QuarkusProdModeTest\nQUARKUS-3191 - Drop \u0027:z\u0027 bind option when using MacOS and 
Podman\nQUARKUS-3194 - Exclude Netty\u0027s reflection configuration files\nQUARKUS-3195 - Integrate the api dependency from Infinispan 14  (#ISPN-14268)\nQUARKUS-3205 - Missing JARs and other discrepancies related to xpp3 dependency in 2.13.8",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-45787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001784"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-45787"
      },
      {
        "db": "PACKETSTORM",
        "id": "171600"
      },
      {
        "db": "PACKETSTORM",
        "id": "171593"
      },
      {
        "db": "PACKETSTORM",
        "id": "171664"
      },
      {
        "db": "PACKETSTORM",
        "id": "172284"
      },
      {
        "db": "PACKETSTORM",
        "id": "172281"
      },
      {
        "db": "PACKETSTORM",
        "id": "172265"
      },
      {
        "db": "PACKETSTORM",
        "id": "173213"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-45787",
        "trust": 4.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001784",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3663",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1879",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1925",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3726",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-447",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-45787",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171600",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171593",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171664",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172284",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172281",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172265",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "173213",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-45787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001784"
      },
      {
        "db": "PACKETSTORM",
        "id": "171600"
      },
      {
        "db": "PACKETSTORM",
        "id": "171593"
      },
      {
        "db": "PACKETSTORM",
        "id": "171664"
      },
      {
        "db": "PACKETSTORM",
        "id": "172284"
      },
      {
        "db": "PACKETSTORM",
        "id": "172281"
      },
      {
        "db": "PACKETSTORM",
        "id": "172265"
      },
      {
        "db": "PACKETSTORM",
        "id": "173213"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-447"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-45787"
      }
    ]
  },
  "id": "VAR-202301-0598",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2536232
  },
  "last_update_date": "2024-07-23T19:32:41.408000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hitachi-sec-2023-143",
        "trust": 0.8,
        "url": "https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj"
      },
      {
        "title": "Apache James Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=221320"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2022-45787 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-45787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001784"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-447"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-312",
        "trust": 1.0
      },
      {
        "problemtype": "Plaintext storage of important information (CWE-312) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001784"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-45787"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-45787"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2023-0482"
      },
      {
        "trust": 0.7,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0482"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-45787"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-4492"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-41854"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4492"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-38752"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41881"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38752"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41854"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-41881"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1925"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1879"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3726"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-45787/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3663"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2023-1108"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-1108"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1471"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41853"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-1471"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-41853"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-0341"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0341"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2022-45787"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:1513"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:1512"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:1516"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21967"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21938"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21939"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:2710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0361"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21930"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21937"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21968"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21967"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21938"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21930"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21954"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21939"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21954"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21937"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=securitypatches\u0026version=7.6"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:2713"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:2705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-26053"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-1436"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-28867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.13/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/4966181"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-26053"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-1584"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0481"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0481"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-1584"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2974"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28867"
      },
      {
        "trust": 0.1,
        "url": "https://issues.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:3809"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-2974"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-1436"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-45787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001784"
      },
      {
        "db": "PACKETSTORM",
        "id": "171600"
      },
      {
        "db": "PACKETSTORM",
        "id": "171593"
      },
      {
        "db": "PACKETSTORM",
        "id": "171664"
      },
      {
        "db": "PACKETSTORM",
        "id": "172284"
      },
      {
        "db": "PACKETSTORM",
        "id": "172281"
      },
      {
        "db": "PACKETSTORM",
        "id": "172265"
      },
      {
        "db": "PACKETSTORM",
        "id": "173213"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-447"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-45787"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2022-45787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001784"
      },
      {
        "db": "PACKETSTORM",
        "id": "171600"
      },
      {
        "db": "PACKETSTORM",
        "id": "171593"
      },
      {
        "db": "PACKETSTORM",
        "id": "171664"
      },
      {
        "db": "PACKETSTORM",
        "id": "172284"
      },
      {
        "db": "PACKETSTORM",
        "id": "172281"
      },
      {
        "db": "PACKETSTORM",
        "id": "172265"
      },
      {
        "db": "PACKETSTORM",
        "id": "173213"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-447"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-45787"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-45787"
      },
      {
        "date": "2023-05-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-001784"
      },
      {
        "date": "2023-03-30T17:37:20",
        "db": "PACKETSTORM",
        "id": "171600"
      },
      {
        "date": "2023-03-30T17:23:56",
        "db": "PACKETSTORM",
        "id": "171593"
      },
      {
        "date": "2023-04-03T16:59:40",
        "db": "PACKETSTORM",
        "id": "171664"
      },
      {
        "date": "2023-05-11T15:12:56",
        "db": "PACKETSTORM",
        "id": "172284"
      },
      {
        "date": "2023-05-11T15:05:35",
        "db": "PACKETSTORM",
        "id": "172281"
      },
      {
        "date": "2023-05-10T15:30:39",
        "db": "PACKETSTORM",
        "id": "172265"
      },
      {
        "date": "2023-06-30T14:34:04",
        "db": "PACKETSTORM",
        "id": "173213"
      },
      {
        "date": "2023-01-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202301-447"
      },
      {
        "date": "2023-01-06T10:15:10.383000",
        "db": "NVD",
        "id": "CVE-2022-45787"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-45787"
      },
      {
        "date": "2023-10-04T05:41:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-001784"
      },
      {
        "date": "2023-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202301-447"
      },
      {
        "date": "2023-11-07T03:54:49.427000",
        "db": "NVD",
        "id": "CVE-2022-45787"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-447"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache\u00a0James\u00a0MIME4J\u00a0 Vulnerability in plaintext storage of important information in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001784"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-447"
      }
    ],
    "trust": 0.6
  }
}

