Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-11612 (GCVE-0-2020-11612)
Vulnerability from cvelistv5 – Published: 2020-04-07 18:00 – Updated: 2024-08-04 11:35
VLAI
EPSS
Summary
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
45 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[druid-commits] 20200408 [GitHub] [druid] ccaominh opened a new pull request #9651: Upgrade netty 4 to fix CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2958e4d49ee046e1e561e44fdc114a0d2285927501880f15852a9b53%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] jon-wei merged pull request #9651: Upgrade netty 4 to fix CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3195127e46c87a680b5d1d3733470f83b886bfd3b890c50df718bed1%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] ccaominh opened a new pull request #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] ccaominh commented on issue #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra98e3a8541a09271f96478d5e22c7e3bd1afdf48641c8be25d62d9f9%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] jon-wei merged pull request #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8a654f11e1172b0effbfd6f8d5b6ca651ae4ac724a976923c268a42f%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [druid] branch 0.18.0 updated: Upgrade netty 4 to fix CVE-2020-11612 (#9651) (#9654)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7836bbdbe95c99d4d725199f0c169927d4e87ba57e4beeeb699c097a%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Updated] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5b1ad61552591b747cd31b3a908d5ff2e8f2a8a6847583dd6b7b1ee7%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Created] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r88e2b91560c065ed67e62adf8f401c417e4d70256d11ea447215a70c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200413 [jira] [Created] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfd173eac20d5e5f581c8984b685c836dafea8eb2f7ff85f617704cf1%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200413 [GitHub] [zookeeper] phunt opened a new pull request #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ref2c8a0cbb3b8271e5b9a06457ba78ad2028128627186531730f50ef%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Assigned] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r255ed239e65d0596812362adc474bee96caf7ba042c7ad2f3c62cec7%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200414 [GitHub] [zookeeper] eolivelli commented on issue #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf803b65b4a57589d79cf2e83d8ece0539018d32864f932f63c972844%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200414 [GitHub] [zookeeper] phunt commented on issue #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd302ddb501fa02c5119120e5fc21df9a1c00e221c490edbe2d7ad365%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200415 [jira] [Resolved] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re1ea144e91f03175d661b2d3e97c7d74b912e019613fa90419cf63f4%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r866288c2ada00ce148b7307cdf869f15f24302b3eb2128af33830997%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch release-3.6.1 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rff8859c0d06b1688344b39097f9685c43b461cf2bc41f60f001704e9%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 [GitHub] [zookeeper] eolivelli closed pull request #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4a7e4e23bd84ac24abf30ab5d5edf989c02b555e1eca6a2f28636692%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9c30b7fca4baedebcb46d6e0f90071b30cc4a0e074164d50122ec5ec%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch master updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r281882fdf9ea89aac02fd2f92786693a956aac2ce9840cce87c7df6b%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 Build failed in Jenkins: zookeeper-master-maven-jdk12 #465",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5030cd8ea5df1e64cf6a7b633eff145992fbca03e8bfc687cd2427ab%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 Build failed in Jenkins: zookeeper-branch36-java8 #137",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3ea4918d20d0c1fa26cac74cc7cda001d8990bc43473d062867ef70d%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200416 [GitHub] [pulsar] massakam opened a new pull request #6746: [build] Bump netty version to 4.1.48.Final",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ref3943adbc3a8813aee0e3a9dd919bacbb27f626be030a3c6d6c7f83%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9addb580456807cd11d6f0c6b6373b7d7161d06d2278866c30c7febb%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven #784",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4f4a14d6a608db447b725ec2e96c26ac9664d83cd879aa21e2cfeb24%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9f8bcc4ca8d2788f77455ff594468404732a4497baebe319043f4d5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-jdk12 #490",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5a0b1f0b1c3bcd66f5177fbd6f6de2d0f8cae24a13ab2669f274251a%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r69b23a94d4ae45394cabae012dd1f4a963996869c44c478eb1c61082%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
},
{
"name": "[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E"
},
{
"name": "FEDORA-2020-66b5f85ccc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/issues/6168"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/pull/9924"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r31424427cc6d7db46beac481bdeed9a823fc20bb1b9deede38557f71%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201223-0001/"
},
{
"name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "DSA-4885",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:21:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[druid-commits] 20200408 [GitHub] [druid] ccaominh opened a new pull request #9651: Upgrade netty 4 to fix CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2958e4d49ee046e1e561e44fdc114a0d2285927501880f15852a9b53%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] jon-wei merged pull request #9651: Upgrade netty 4 to fix CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3195127e46c87a680b5d1d3733470f83b886bfd3b890c50df718bed1%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] ccaominh opened a new pull request #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] ccaominh commented on issue #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra98e3a8541a09271f96478d5e22c7e3bd1afdf48641c8be25d62d9f9%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] jon-wei merged pull request #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8a654f11e1172b0effbfd6f8d5b6ca651ae4ac724a976923c268a42f%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [druid] branch 0.18.0 updated: Upgrade netty 4 to fix CVE-2020-11612 (#9651) (#9654)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7836bbdbe95c99d4d725199f0c169927d4e87ba57e4beeeb699c097a%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Updated] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5b1ad61552591b747cd31b3a908d5ff2e8f2a8a6847583dd6b7b1ee7%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Created] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r88e2b91560c065ed67e62adf8f401c417e4d70256d11ea447215a70c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200413 [jira] [Created] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfd173eac20d5e5f581c8984b685c836dafea8eb2f7ff85f617704cf1%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200413 [GitHub] [zookeeper] phunt opened a new pull request #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ref2c8a0cbb3b8271e5b9a06457ba78ad2028128627186531730f50ef%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Assigned] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r255ed239e65d0596812362adc474bee96caf7ba042c7ad2f3c62cec7%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200414 [GitHub] [zookeeper] eolivelli commented on issue #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf803b65b4a57589d79cf2e83d8ece0539018d32864f932f63c972844%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200414 [GitHub] [zookeeper] phunt commented on issue #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd302ddb501fa02c5119120e5fc21df9a1c00e221c490edbe2d7ad365%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200415 [jira] [Resolved] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re1ea144e91f03175d661b2d3e97c7d74b912e019613fa90419cf63f4%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r866288c2ada00ce148b7307cdf869f15f24302b3eb2128af33830997%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch release-3.6.1 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rff8859c0d06b1688344b39097f9685c43b461cf2bc41f60f001704e9%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 [GitHub] [zookeeper] eolivelli closed pull request #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4a7e4e23bd84ac24abf30ab5d5edf989c02b555e1eca6a2f28636692%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9c30b7fca4baedebcb46d6e0f90071b30cc4a0e074164d50122ec5ec%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch master updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r281882fdf9ea89aac02fd2f92786693a956aac2ce9840cce87c7df6b%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 Build failed in Jenkins: zookeeper-master-maven-jdk12 #465",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5030cd8ea5df1e64cf6a7b633eff145992fbca03e8bfc687cd2427ab%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 Build failed in Jenkins: zookeeper-branch36-java8 #137",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3ea4918d20d0c1fa26cac74cc7cda001d8990bc43473d062867ef70d%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200416 [GitHub] [pulsar] massakam opened a new pull request #6746: [build] Bump netty version to 4.1.48.Final",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ref3943adbc3a8813aee0e3a9dd919bacbb27f626be030a3c6d6c7f83%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9addb580456807cd11d6f0c6b6373b7d7161d06d2278866c30c7febb%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven #784",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4f4a14d6a608db447b725ec2e96c26ac9664d83cd879aa21e2cfeb24%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf9f8bcc4ca8d2788f77455ff594468404732a4497baebe319043f4d5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-jdk12 #490",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5a0b1f0b1c3bcd66f5177fbd6f6de2d0f8cae24a13ab2669f274251a%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r69b23a94d4ae45394cabae012dd1f4a963996869c44c478eb1c61082%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
},
{
"name": "[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E"
},
{
"name": "FEDORA-2020-66b5f85ccc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/issues/6168"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/pull/9924"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r31424427cc6d7db46beac481bdeed9a823fc20bb1b9deede38557f71%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201223-0001/"
},
{
"name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "DSA-4885",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[druid-commits] 20200408 [GitHub] [druid] ccaominh opened a new pull request #9651: Upgrade netty 4 to fix CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2958e4d49ee046e1e561e44fdc114a0d2285927501880f15852a9b53@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] jon-wei merged pull request #9651: Upgrade netty 4 to fix CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3195127e46c87a680b5d1d3733470f83b886bfd3b890c50df718bed1@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] ccaominh opened a new pull request #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] ccaominh commented on issue #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra98e3a8541a09271f96478d5e22c7e3bd1afdf48641c8be25d62d9f9@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] jon-wei merged pull request #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8a654f11e1172b0effbfd6f8d5b6ca651ae4ac724a976923c268a42f@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [druid] branch 0.18.0 updated: Upgrade netty 4 to fix CVE-2020-11612 (#9651) (#9654)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7836bbdbe95c99d4d725199f0c169927d4e87ba57e4beeeb699c097a@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Updated] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5b1ad61552591b747cd31b3a908d5ff2e8f2a8a6847583dd6b7b1ee7@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Created] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r88e2b91560c065ed67e62adf8f401c417e4d70256d11ea447215a70c@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200413 [jira] [Created] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfd173eac20d5e5f581c8984b685c836dafea8eb2f7ff85f617704cf1@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200413 [GitHub] [zookeeper] phunt opened a new pull request #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ref2c8a0cbb3b8271e5b9a06457ba78ad2028128627186531730f50ef@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Assigned] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r255ed239e65d0596812362adc474bee96caf7ba042c7ad2f3c62cec7@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200414 [GitHub] [zookeeper] eolivelli commented on issue #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf803b65b4a57589d79cf2e83d8ece0539018d32864f932f63c972844@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200414 [GitHub] [zookeeper] phunt commented on issue #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd302ddb501fa02c5119120e5fc21df9a1c00e221c490edbe2d7ad365@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200415 [jira] [Resolved] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re1ea144e91f03175d661b2d3e97c7d74b912e019613fa90419cf63f4@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r866288c2ada00ce148b7307cdf869f15f24302b3eb2128af33830997@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch release-3.6.1 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rff8859c0d06b1688344b39097f9685c43b461cf2bc41f60f001704e9@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 [GitHub] [zookeeper] eolivelli closed pull request #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4a7e4e23bd84ac24abf30ab5d5edf989c02b555e1eca6a2f28636692@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9c30b7fca4baedebcb46d6e0f90071b30cc4a0e074164d50122ec5ec@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch master updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r281882fdf9ea89aac02fd2f92786693a956aac2ce9840cce87c7df6b@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 Build failed in Jenkins: zookeeper-master-maven-jdk12 #465",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5030cd8ea5df1e64cf6a7b633eff145992fbca03e8bfc687cd2427ab@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 Build failed in Jenkins: zookeeper-branch36-java8 #137",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3ea4918d20d0c1fa26cac74cc7cda001d8990bc43473d062867ef70d@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200416 [GitHub] [pulsar] massakam opened a new pull request #6746: [build] Bump netty version to 4.1.48.Final",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ref3943adbc3a8813aee0e3a9dd919bacbb27f626be030a3c6d6c7f83@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9addb580456807cd11d6f0c6b6373b7d7161d06d2278866c30c7febb@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven #784",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4f4a14d6a608db447b725ec2e96c26ac9664d83cd879aa21e2cfeb24@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf9f8bcc4ca8d2788f77455ff594468404732a4497baebe319043f4d5@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-jdk12 #490",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5a0b1f0b1c3bcd66f5177fbd6f6de2d0f8cae24a13ab2669f274251a@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r69b23a94d4ae45394cabae012dd1f4a963996869c44c478eb1c61082@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
},
{
"name": "[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f@%3Cdev.flink.apache.org%3E"
},
{
"name": "FEDORA-2020-66b5f85ccc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://github.com/netty/netty/issues/6168",
"refsource": "MISC",
"url": "https://github.com/netty/netty/issues/6168"
},
{
"name": "https://github.com/netty/netty/pull/9924",
"refsource": "MISC",
"url": "https://github.com/netty/netty/pull/9924"
},
{
"name": "https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final",
"refsource": "MISC",
"url": "https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final"
},
{
"name": "https://lists.apache.org/thread.html/r31424427cc6d7db46beac481bdeed9a823fc20bb1b9deede38557f71@%3Cnotifications.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r31424427cc6d7db46beac481bdeed9a823fc20bb1b9deede38557f71@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201223-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201223-0001/"
},
{
"name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "DSA-4885",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11612",
"datePublished": "2020-04-07T18:00:34.000Z",
"dateReserved": "2020-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:35:13.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-11612",
"date": "2026-05-30",
"epss": "0.04327",
"percentile": "0.89083"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-11612\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-04-07T18:15:13.697\",\"lastModified\":\"2024-11-21T04:58:14.617\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.\"},{\"lang\":\"es\",\"value\":\"El ZlibDecoders en Netty versiones 4.1.x anteriores a 4.1.46, permite una asignaci\u00f3n de memoria ilimitada mientras decodifican un flujo de bytes de ZlibEncoded. Un atacante podr\u00eda enviar una secuencia de bytes de ZlibEncoded grande hacia el servidor de Netty, forzando al servidor a asignar toda su memoria liberada a un \u00fanico decodificador.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1\",\"versionEndExcluding\":\"4.1.46\",\"matchCriteriaId\":\"5D244264-A923-47AA-AAED-35C184E7E984\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EC98B22-FFAA-4B59-8E63-EBAA4336AD13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06594847-96ED-4541-B2F4-C7331B603603\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CEE0833-F063-431F-AAA6-FFAAF9FEE7FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A67AA54B-258D-4D09-9ACB-4085E0B3E585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20.3\",\"matchCriteriaId\":\"D04565AE-D092-4AE0-8FEE-0E8114662A1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_core_-_server_framework:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.5\",\"matchCriteriaId\":\"3728A81F-E9BA-4357-8652-701D380FD88F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6A4F71A-4269-40FC-8F61-1D1301F2B728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A502118-5B2B-47AE-82EC-1999BD841103\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7569C0BD-16C1-441E-BAEB-840C94BE73EF\"}]}]}],\"references\":[{\"url\":\"https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/issues/6168\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/pull/9924\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f%40%3Ccommits.druid.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r255ed239e65d0596812362adc474bee96caf7ba042c7ad2f3c62cec7%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r281882fdf9ea89aac02fd2f92786693a956aac2ce9840cce87c7df6b%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r2958e4d49ee046e1e561e44fdc114a0d2285927501880f15852a9b53%40%3Ccommits.druid.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r31424427cc6d7db46beac481bdeed9a823fc20bb1b9deede38557f71%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r3195127e46c87a680b5d1d3733470f83b886bfd3b890c50df718bed1%40%3Ccommits.druid.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r3ea4918d20d0c1fa26cac74cc7cda001d8990bc43473d062867ef70d%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r4a7e4e23bd84ac24abf30ab5d5edf989c02b555e1eca6a2f28636692%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r4f4a14d6a608db447b725ec2e96c26ac9664d83cd879aa21e2cfeb24%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r5030cd8ea5df1e64cf6a7b633eff145992fbca03e8bfc687cd2427ab%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r5a0b1f0b1c3bcd66f5177fbd6f6de2d0f8cae24a13ab2669f274251a%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r5b1ad61552591b747cd31b3a908d5ff2e8f2a8a6847583dd6b7b1ee7%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r69b23a94d4ae45394cabae012dd1f4a963996869c44c478eb1c61082%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r7836bbdbe95c99d4d725199f0c169927d4e87ba57e4beeeb699c097a%40%3Ccommits.druid.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r866288c2ada00ce148b7307cdf869f15f24302b3eb2128af33830997%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r88e2b91560c065ed67e62adf8f401c417e4d70256d11ea447215a70c%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r8a654f11e1172b0effbfd6f8d5b6ca651ae4ac724a976923c268a42f%40%3Ccommits.druid.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9addb580456807cd11d6f0c6b6373b7d7161d06d2278866c30c7febb%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9c30b7fca4baedebcb46d6e0f90071b30cc4a0e074164d50122ec5ec%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/ra98e3a8541a09271f96478d5e22c7e3bd1afdf48641c8be25d62d9f9%40%3Ccommits.druid.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd302ddb501fa02c5119120e5fc21df9a1c00e221c490edbe2d7ad365%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/re1ea144e91f03175d661b2d3e97c7d74b912e019613fa90419cf63f4%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/ref2c8a0cbb3b8271e5b9a06457ba78ad2028128627186531730f50ef%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/ref3943adbc3a8813aee0e3a9dd919bacbb27f626be030a3c6d6c7f83%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf803b65b4a57589d79cf2e83d8ece0539018d32864f932f63c972844%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf9f8bcc4ca8d2788f77455ff594468404732a4497baebe319043f4d5%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfd173eac20d5e5f581c8984b685c836dafea8eb2f7ff85f617704cf1%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rff8859c0d06b1688344b39097f9685c43b461cf2bc41f60f001704e9%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20201223-0001/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4885\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/issues/6168\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/pull/9924\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r255ed239e65d0596812362adc474bee96caf7ba042c7ad2f3c62cec7%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r281882fdf9ea89aac02fd2f92786693a956aac2ce9840cce87c7df6b%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2958e4d49ee046e1e561e44fdc114a0d2285927501880f15852a9b53%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r31424427cc6d7db46beac481bdeed9a823fc20bb1b9deede38557f71%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3195127e46c87a680b5d1d3733470f83b886bfd3b890c50df718bed1%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3ea4918d20d0c1fa26cac74cc7cda001d8990bc43473d062867ef70d%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r4a7e4e23bd84ac24abf30ab5d5edf989c02b555e1eca6a2f28636692%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r4f4a14d6a608db447b725ec2e96c26ac9664d83cd879aa21e2cfeb24%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5030cd8ea5df1e64cf6a7b633eff145992fbca03e8bfc687cd2427ab%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5a0b1f0b1c3bcd66f5177fbd6f6de2d0f8cae24a13ab2669f274251a%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5b1ad61552591b747cd31b3a908d5ff2e8f2a8a6847583dd6b7b1ee7%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r69b23a94d4ae45394cabae012dd1f4a963996869c44c478eb1c61082%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r7836bbdbe95c99d4d725199f0c169927d4e87ba57e4beeeb699c097a%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r866288c2ada00ce148b7307cdf869f15f24302b3eb2128af33830997%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r88e2b91560c065ed67e62adf8f401c417e4d70256d11ea447215a70c%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r8a654f11e1172b0effbfd6f8d5b6ca651ae4ac724a976923c268a42f%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9addb580456807cd11d6f0c6b6373b7d7161d06d2278866c30c7febb%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9c30b7fca4baedebcb46d6e0f90071b30cc4a0e074164d50122ec5ec%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ra98e3a8541a09271f96478d5e22c7e3bd1afdf48641c8be25d62d9f9%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd302ddb501fa02c5119120e5fc21df9a1c00e221c490edbe2d7ad365%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re1ea144e91f03175d661b2d3e97c7d74b912e019613fa90419cf63f4%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ref2c8a0cbb3b8271e5b9a06457ba78ad2028128627186531730f50ef%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ref3943adbc3a8813aee0e3a9dd919bacbb27f626be030a3c6d6c7f83%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf803b65b4a57589d79cf2e83d8ece0539018d32864f932f63c972844%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf9f8bcc4ca8d2788f77455ff594468404732a4497baebe319043f4d5%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfd173eac20d5e5f581c8984b685c836dafea8eb2f7ff85f617704cf1%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rff8859c0d06b1688344b39097f9685c43b461cf2bc41f60f001704e9%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20201223-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
RHSA-2020:2618
Vulnerability from csaf_redhat - Published: 2020-06-19 01:39 - Updated: 2026-03-18 02:05Summary
Red Hat Security Advisory: Red Hat AMQ Streams 1.5.0 release and security update
Severity
Moderate
Notes
Topic: Red Hat AMQ Streams 1.5.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 1.5.0 serves as a replacement for Red Hat AMQ Streams 1.4.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* ant: insecure temporary file vulnerability (CVE-2020-1945)
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
6.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1.5.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1.5.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Streams 1.5.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 1.5.0 serves as a replacement for Red Hat AMQ Streams 1.4.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2618",
"url": "https://access.redhat.com/errata/RHSA-2020:2618"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.streams\u0026downloadType=distributions\u0026version=1.5.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.streams\u0026downloadType=distributions\u0026version=1.5.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/products/red-hat-amq#streams",
"url": "https://access.redhat.com/products/red-hat-amq#streams"
},
{
"category": "external",
"summary": "1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "1837444",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2618.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Streams 1.5.0 release and security update",
"tracking": {
"current_release_date": "2026-03-18T02:05:56+00:00",
"generator": {
"date": "2026-03-18T02:05:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2020:2618",
"initial_release_date": "2020-06-19T01:39:36+00:00",
"revision_history": [
{
"date": "2020-06-19T01:39:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-06-19T01:39:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:05:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Streams 1.5.0",
"product": {
"name": "Red Hat AMQ Streams 1.5.0",
"product_id": "Red Hat AMQ Streams 1.5.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1945",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2020-05-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1837444"
}
],
"notes": [
{
"category": "description",
"text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ant: insecure temporary file vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1.5.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1945"
},
{
"category": "external",
"summary": "RHBZ#1837444",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945"
}
],
"release_date": "2020-05-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-19T01:39:36+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1.5.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2618"
},
{
"category": "workaround",
"details": "For versions 1.1 to 1.9.14 and 1.10.0 to 1.10.7, set the java.io.tmpdir system property to a private directory-- only readable and writable by the current user-- before running Ant.\n\nFor versions 1.9.15 and 1.10.8, use the Ant property ant.tmpfile instead. Ant 1.10.8 protects the temporary files if the underlying filesystem allows it, but using a private temporary directory is still recommended.",
"product_ids": [
"Red Hat AMQ Streams 1.5.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 1.5.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ant: insecure temporary file vulnerability"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1.5.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-19T01:39:36+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1.5.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2618"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 1.5.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
}
]
}
RHSA-2020:2751
Vulnerability from csaf_redhat - Published: 2020-06-25 14:14 - Updated: 2026-05-14 22:25Summary
Red Hat Security Advisory: Red Hat AMQ Broker 7.7 release and security update
Severity
Important
Notes
Topic: Red Hat AMQ Broker 7.7 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[2020-07-02 update: Removed A-MQ Console: HTTPOnly and Secure attributes not set on cookies (CVE-2015-5183) mistakenly included as resolved
This is an advisory change only; delivered artifacts as part of the 7.7 release remain the same]
Details: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.7.0 serves as a replacement for Red Hat AMQ Broker 7.6.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* apache-commons-configuration: uncontrolled class instantiation when loading YAML files (CVE-2020-1953)
* broker: resetUsers operation stores password in plain text (EMBARGOED CVE-2020-10727)
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Apache Commons Configuration, where it uses a third-party library to process YAML files, which by default, allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. If a YAML file was loaded from an untrusted source, it could load and execute code out of the control of the host application.
9.0 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
References
23 references
Acknowledgments
Reporter
Justin Bertram
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Broker 7.7 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[2020-07-02 update: Removed A-MQ Console: HTTPOnly and Secure attributes not set on cookies (CVE-2015-5183) mistakenly included as resolved\n\nThis is an advisory change only; delivered artifacts as part of the 7.7 release remain the same]",
"title": "Topic"
},
{
"category": "general",
"text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. \n\nThis release of Red Hat AMQ Broker 7.7.0 serves as a replacement for Red Hat AMQ Broker 7.6.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* apache-commons-configuration: uncontrolled class instantiation when loading YAML files (CVE-2020-1953)\n\n* broker: resetUsers operation stores password in plain text (EMBARGOED CVE-2020-10727)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2751",
"url": "https://access.redhat.com/errata/RHSA-2020:2751"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.7.0\u0026productChanged=yes",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.7.0\u0026productChanged=yes"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.7/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.7/"
},
{
"category": "external",
"summary": "1815212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815212"
},
{
"category": "external",
"summary": "1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "1827200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827200"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2751.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.7 release and security update",
"tracking": {
"current_release_date": "2026-05-14T22:25:37+00:00",
"generator": {
"date": "2026-05-14T22:25:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:2751",
"initial_release_date": "2020-06-25T14:14:37+00:00",
"revision_history": [
{
"date": "2020-06-25T14:14:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-07-03T08:01:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:25:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ",
"product": {
"name": "Red Hat AMQ",
"product_id": "Red Hat AMQ",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_broker:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1953",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-03-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815212"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Commons Configuration, where it uses a third-party library to process YAML files, which by default, allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. If a YAML file was loaded from an untrusted source, it could load and execute code out of the control of the host application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-configuration: uncontrolled class instantiation when loading YAML files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Several packages are unaffected because they do not include support for YAML configurations:\n* `apache-commons-configuration` as shipped with Red Hat Enterprise Linux 7\n* `apache-commons-configuration` as shipped with Red Hat Enterprise Virtualization\n* `rh-maven35-apache-commons-configuration` as shipped with Red Hat Software Collections\n* `commons-configuration` as shipped with Red Hat Gluster Storage",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1953"
},
{
"category": "external",
"summary": "RHBZ#1815212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815212"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1953"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-configuration/commit/add7375cf37fd316d4838c6c56b054fc293b4641",
"url": "https://github.com/apache/commons-configuration/commit/add7375cf37fd316d4838c6c56b054fc293b4641"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread.html/rde2186ad6ac0d6ed8d51af7509244adcf1ce0f9a3b7e1d1dd3b64676@%3Ccommits.camel.apache.org%3E",
"url": "https://lists.apache.org/thread.html/rde2186ad6ac0d6ed8d51af7509244adcf1ce0f9a3b7e1d1dd3b64676@%3Ccommits.camel.apache.org%3E"
}
],
"release_date": "2020-03-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-25T14:14:37+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2751"
},
{
"category": "workaround",
"details": "There is currently no mitigation available for this vulnerability.",
"product_ids": [
"Red Hat AMQ"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-commons-configuration: uncontrolled class instantiation when loading YAML files"
},
{
"acknowledgments": [
{
"names": [
"Justin Bertram"
],
"organization": "Reporter"
}
],
"cve": "CVE-2020-10727",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2020-04-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1827200"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "broker: resetUsers operation stores password in plain text",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10727"
},
{
"category": "external",
"summary": "RHBZ#1827200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10727",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10727"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/ENTMQBR-3435",
"url": "https://issues.redhat.com/browse/ENTMQBR-3435"
}
],
"release_date": "2020-06-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-25T14:14:37+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2751"
},
{
"category": "workaround",
"details": "When resetting a user an alternative is to use the broker instance CLI `/bin/artemis user reset` which is not affected by the flaw",
"product_ids": [
"Red Hat AMQ"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "broker: resetUsers operation stores password in plain text"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-25T14:14:37+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2751"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
}
]
}
RHSA-2020:3133
Vulnerability from csaf_redhat - Published: 2020-07-23 15:10 - Updated: 2026-05-14 22:30Summary
Red Hat Security Advisory: Red Hat AMQ Broker 7.4.4 release and security update
Severity
Important
Notes
Topic: Red Hat AMQ Broker 7.4.4 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.4.4 serves as a replacement for Red Hat AMQ Broker 7.4.3, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* apache-commons-configuration: uncontrolled class instantiation when loading YAML files (CVE-2020-1953)
* broker: resetUsers operation stores password in plain text (EMBARGOED CVE-2020-10727)
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
* springframework: DoS Attack via Range Requests (CVE-2018-15756)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
CWE-20 - Improper Input ValidationAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the Apache Commons Configuration, where it uses a third-party library to process YAML files, which by default, allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. If a YAML file was loaded from an untrusted source, it could load and execute code out of the control of the host application.
9.0 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
29 references
Acknowledgments
Reporter
Justin Bertram
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Broker 7.4.4 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. \n\nThis release of Red Hat AMQ Broker 7.4.4 serves as a replacement for Red Hat AMQ Broker 7.4.3, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* apache-commons-configuration: uncontrolled class instantiation when loading YAML files (CVE-2020-1953)\n\n* broker: resetUsers operation stores password in plain text (EMBARGOED CVE-2020-10727)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n* springframework: DoS Attack via Range Requests (CVE-2018-15756)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3133",
"url": "https://access.redhat.com/errata/RHSA-2020:3133"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.4.4\u0026productChanged=yes",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.4.4\u0026productChanged=yes"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/"
},
{
"category": "external",
"summary": "1643043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643043"
},
{
"category": "external",
"summary": "1815212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815212"
},
{
"category": "external",
"summary": "1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "1827200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827200"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3133.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.4.4 release and security update",
"tracking": {
"current_release_date": "2026-05-14T22:30:06+00:00",
"generator": {
"date": "2026-05-14T22:30:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:3133",
"initial_release_date": "2020-07-23T15:10:08+00:00",
"revision_history": [
{
"date": "2020-07-23T15:10:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-07-23T15:10:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:30:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ",
"product": {
"name": "Red Hat AMQ",
"product_id": "Red Hat AMQ",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_broker:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-15756",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1643043"
}
],
"notes": [
{
"category": "description",
"text": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: DoS Attack via Range Requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The package rhvm-dependencies does not include the vulnerable spring-webmvc component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-15756"
},
{
"category": "external",
"summary": "RHBZ#1643043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-15756",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-15756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15756"
},
{
"category": "external",
"summary": "https://pivotal.io/security/cve-2018-15756",
"url": "https://pivotal.io/security/cve-2018-15756"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-23T15:10:08+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3133"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat AMQ"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "springframework: DoS Attack via Range Requests"
},
{
"cve": "CVE-2020-1953",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-03-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815212"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Commons Configuration, where it uses a third-party library to process YAML files, which by default, allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. If a YAML file was loaded from an untrusted source, it could load and execute code out of the control of the host application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-configuration: uncontrolled class instantiation when loading YAML files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Several packages are unaffected because they do not include support for YAML configurations:\n* `apache-commons-configuration` as shipped with Red Hat Enterprise Linux 7\n* `apache-commons-configuration` as shipped with Red Hat Enterprise Virtualization\n* `rh-maven35-apache-commons-configuration` as shipped with Red Hat Software Collections\n* `commons-configuration` as shipped with Red Hat Gluster Storage",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1953"
},
{
"category": "external",
"summary": "RHBZ#1815212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815212"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1953"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-configuration/commit/add7375cf37fd316d4838c6c56b054fc293b4641",
"url": "https://github.com/apache/commons-configuration/commit/add7375cf37fd316d4838c6c56b054fc293b4641"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread.html/rde2186ad6ac0d6ed8d51af7509244adcf1ce0f9a3b7e1d1dd3b64676@%3Ccommits.camel.apache.org%3E",
"url": "https://lists.apache.org/thread.html/rde2186ad6ac0d6ed8d51af7509244adcf1ce0f9a3b7e1d1dd3b64676@%3Ccommits.camel.apache.org%3E"
}
],
"release_date": "2020-03-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-23T15:10:08+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3133"
},
{
"category": "workaround",
"details": "There is currently no mitigation available for this vulnerability.",
"product_ids": [
"Red Hat AMQ"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-commons-configuration: uncontrolled class instantiation when loading YAML files"
},
{
"acknowledgments": [
{
"names": [
"Justin Bertram"
],
"organization": "Reporter"
}
],
"cve": "CVE-2020-10727",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2020-04-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1827200"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "broker: resetUsers operation stores password in plain text",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10727"
},
{
"category": "external",
"summary": "RHBZ#1827200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10727",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10727"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/ENTMQBR-3435",
"url": "https://issues.redhat.com/browse/ENTMQBR-3435"
}
],
"release_date": "2020-06-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-23T15:10:08+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3133"
},
{
"category": "workaround",
"details": "When resetting a user an alternative is to use the broker instance CLI `/bin/artemis user reset` which is not affected by the flaw",
"product_ids": [
"Red Hat AMQ"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "broker: resetUsers operation stores password in plain text"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-23T15:10:08+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3133"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
}
]
}
RHSA-2020:3196
Vulnerability from csaf_redhat - Published: 2020-07-29 06:06 - Updated: 2026-05-14 22:25Summary
Red Hat Security Advisory: Red Hat Decision Manager 7.8.0 Security Update
Severity
Important
Notes
Topic: An update is now available for Red Hat Decision Manager.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.
This release of Red Hat Decision Manager 7.8.0 serves as an update to Red Hat Decision Manager 7.7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* netty: HTTP request smuggling (CVE-2019-20444)
* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)
* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)
* netty: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
* netty: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* netty: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* netty: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
* netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header (CVE-2019-20445)
* cxf-core: cxf: does not restrict the number of message attachments (CVE-2019-12406)
* cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)
* cxf-core: cxf: reflected XSS in the services listing page (CVE-2019-17573)
* jackson-databind: lacks certain net.sf.ehcache blocking (CVE-2019-20330)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)
* jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)
* jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)
* jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)
* jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)
* jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-14060)
* jackson-databind: serialization in weblogic/oracle-aqjms (CVE-2020-14061)
* jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (CVE-2020-14062)
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
* quartz: libquartz: XXE attacks via job description (CVE-2019-13990)
* keycloak: security issue on reset credential flow (CVE-2020-1718)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count".
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter "rs.security.keystore.type" to "jwk". For this case all keys are returned in this file "as is", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. "oct" keys, which contain secret keys, are not returned at all.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
The Terracotta Quartz Scheduler is susceptible to an XML external entity attack (XXE) through a job description. This issue stems from inadequate handling of XML external entity (XXE) declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to access a maliciously crafted job description (containing XML content), a remote attacker could exploit this vulnerability to execute an XXE attack on the targeted system.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF (carriage return, line feed) without being followed by SP (space) or HTAB (horizontal tab), result in situations where headers can be misread. Data integrity is the highest threat with this vulnerability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a server, it could result in a viable HTTP smuggling vulnerability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the reset credential flow in Keycloak. This flaw allows an attacker to gain unauthorized access to the application.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Decision Manager 7
Red Hat / Red Hat Decision Manager
|
cpe:/a:redhat:jboss_enterprise_brms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
170 references
Acknowledgments
the Envoy security team
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Decision Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model \u0026 Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. \n\nThis release of Red Hat Decision Manager 7.8.0 serves as an update to Red Hat Decision Manager 7.7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* netty: HTTP request smuggling (CVE-2019-20444)\n\n* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)\n\n* netty: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\n* netty: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* netty: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* netty: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header (CVE-2019-20445)\n\n* cxf-core: cxf: does not restrict the number of message attachments (CVE-2019-12406)\n\n* cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)\n\n* cxf-core: cxf: reflected XSS in the services listing page (CVE-2019-17573)\n\n* jackson-databind: lacks certain net.sf.ehcache blocking (CVE-2019-20330)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\n* jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-14060)\n\n* jackson-databind: serialization in weblogic/oracle-aqjms (CVE-2020-14061)\n\n* jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (CVE-2020-14062)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n* quartz: libquartz: XXE attacks via job description (CVE-2019-13990)\n\n* keycloak: security issue on reset credential flow (CVE-2020-1718)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3196",
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhdm\u0026version=7.8.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhdm\u0026version=7.8.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index"
},
{
"category": "external",
"summary": "1735645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645"
},
{
"category": "external",
"summary": "1735744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744"
},
{
"category": "external",
"summary": "1735745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735745"
},
{
"category": "external",
"summary": "1735749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735749"
},
{
"category": "external",
"summary": "1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "1793154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793154"
},
{
"category": "external",
"summary": "1796225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796225"
},
{
"category": "external",
"summary": "1796756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756"
},
{
"category": "external",
"summary": "1797006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797006"
},
{
"category": "external",
"summary": "1797011",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797011"
},
{
"category": "external",
"summary": "1798509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798509"
},
{
"category": "external",
"summary": "1798524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798524"
},
{
"category": "external",
"summary": "1801149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801149"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1816170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816170"
},
{
"category": "external",
"summary": "1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "1819208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819208"
},
{
"category": "external",
"summary": "1819212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819212"
},
{
"category": "external",
"summary": "1821304",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821304"
},
{
"category": "external",
"summary": "1821311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821311"
},
{
"category": "external",
"summary": "1821315",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821315"
},
{
"category": "external",
"summary": "1826798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826798"
},
{
"category": "external",
"summary": "1826805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826805"
},
{
"category": "external",
"summary": "1848960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848960"
},
{
"category": "external",
"summary": "1848962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848962"
},
{
"category": "external",
"summary": "1848966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848966"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3196.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Decision Manager 7.8.0 Security Update",
"tracking": {
"current_release_date": "2026-05-14T22:25:17+00:00",
"generator": {
"date": "2026-05-14T22:25:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:3196",
"initial_release_date": "2020-07-29T06:06:57+00:00",
"revision_history": [
{
"date": "2020-07-29T06:06:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-07-29T06:06:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:25:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Decision Manager 7",
"product": {
"name": "Red Hat Decision Manager 7",
"product_id": "Red Hat Decision Manager 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7.8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Decision Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9512",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735645"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using PING frames results in unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "RHBZ#1735645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9512",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg",
"url": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html",
"url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using PING frames results in unbounded memory growth"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9514",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735744"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using HEADERS frames results in unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "RHBZ#1735744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9514",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9514"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg",
"url": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html",
"url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using HEADERS frames results in unbounded memory growth"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9515",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735745"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using SETTINGS frames results in unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of grafana(embeds gRPC) as shipped with Red Hat Ceph Storage 3 as it include the support for HTTP/2.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9515"
},
{
"category": "external",
"summary": "RHBZ#1735745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735745"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9515",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9515"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html",
"url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using SETTINGS frames results in unbounded memory growth"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735749"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using empty frames results in excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9518"
},
{
"category": "external",
"summary": "RHBZ#1735749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using empty frames results in excessive resource consumption"
},
{
"cve": "CVE-2019-12406",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816170"
}
],
"notes": [
{
"category": "description",
"text": "Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property \"attachment-max-count\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: does not restrict the number of message attachments",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12406"
},
{
"category": "external",
"summary": "RHBZ#1816170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12406",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12406"
}
],
"release_date": "2019-11-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cxf: does not restrict the number of message attachments"
},
{
"cve": "CVE-2019-12423",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2020-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1797006"
}
],
"notes": [
{
"category": "description",
"text": "Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter \"rs.security.keystore.type\" to \"jwk\". For this case all keys are returned in this file \"as is\", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. \"oct\" keys, which contain secret keys, are not returned at all.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: OpenId Connect token service does not properly validate the clientId",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12423"
},
{
"category": "external",
"summary": "RHBZ#1797006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12423",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12423"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12423",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12423"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cxf: OpenId Connect token service does not properly validate the clientId"
},
{
"cve": "CVE-2019-13990",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-07-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1801149"
}
],
"notes": [
{
"category": "description",
"text": "The Terracotta Quartz Scheduler is susceptible to an XML external entity attack (XXE) through a job description. This issue stems from inadequate handling of XML external entity (XXE) declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to access a maliciously crafted job description (containing XML content), a remote attacker could exploit this vulnerability to execute an XXE attack on the targeted system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libquartz: XXE attacks via job description",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 uses a vulnerable version of libquartz as a dependency for Candlepin. However, the \u003cjob\u003e\u003cdescrition\u003e entry is not used, and the vulnerability can not be triggered. An update may fix the code in the future.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13990"
},
{
"category": "external",
"summary": "RHBZ#1801149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13990",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13990"
}
],
"release_date": "2019-07-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libquartz: XXE attacks via job description"
},
{
"cve": "CVE-2019-16869",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758619"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16869"
},
{
"category": "external",
"summary": "RHBZ#1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869"
}
],
"release_date": "2019-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"Red Hat Decision Manager 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers"
},
{
"cve": "CVE-2019-17573",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1797011"
}
],
"notes": [
{
"category": "description",
"text": "By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: reflected XSS in the services listing page",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17573"
},
{
"category": "external",
"summary": "RHBZ#1797011",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797011"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17573",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17573"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17573",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17573"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "workaround",
"details": "Mitigate this flaw by disabling the service listing altogether; via setting the \"hide-service-list-page\" servlet parameter to \"true\".",
"product_ids": [
"Red Hat Decision Manager 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cxf: reflected XSS in the services listing page"
},
{
"cve": "CVE-2019-20330",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: lacks certain net.sf.ehcache blocking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20330"
},
{
"category": "external",
"summary": "RHBZ#1793154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20330",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20330"
}
],
"release_date": "2020-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Decision Manager 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: lacks certain net.sf.ehcache blocking"
},
{
"cve": "CVE-2019-20444",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-01-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1798524"
}
],
"notes": [
{
"category": "description",
"text": "A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF (carriage return, line feed) without being followed by SP (space) or HTAB (horizontal tab), result in situations where headers can be misread. Data integrity is the highest threat with this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HTTP request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not pose a substantial practical threat to ElasticSearch 6. We agree that these issues would be difficult to exploit on OpenShift Container Platform so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships a vulnerable version of netty embedded in Candlepin. However, the flaw can not be triggered in that context, because HTTP requests are handled by Tomcat, not by netty. A future release may fix this.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20444"
},
{
"category": "external",
"summary": "RHBZ#1798524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798524"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20444",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20444"
},
{
"category": "external",
"summary": "https://github.com/elastic/elasticsearch/issues/49396",
"url": "https://github.com/elastic/elasticsearch/issues/49396"
}
],
"release_date": "2020-01-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"Red Hat Decision Manager 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: HTTP request smuggling"
},
{
"cve": "CVE-2019-20445",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1798509"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a server, it could result in a viable HTTP smuggling vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships a vulnerable version of netty embedded in Candlepin. However, the flaw can not be triggered in that context, because HTTP requests are handled by Tomcat, not by netty. A future release may fix this.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20445"
},
{
"category": "external",
"summary": "RHBZ#1798509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798509"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20445",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20445"
}
],
"release_date": "2020-01-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"Red Hat Decision Manager 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header"
},
{
"cve": "CVE-2020-1718",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2020-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1796756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the reset credential flow in Keycloak. This flaw allows an attacker to gain unauthorized access to the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: security issue on reset credential flow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1718"
},
{
"category": "external",
"summary": "RHBZ#1796756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "workaround",
"details": "Disable reset credential flow.",
"product_ids": [
"Red Hat Decision Manager 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: security issue on reset credential flow"
},
{
"cve": "CVE-2020-7238",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-01-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1796225"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7238"
},
{
"category": "external",
"summary": "RHBZ#1796225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796225"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7238",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7238"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7238",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7238"
},
{
"category": "external",
"summary": "https://netty.io/news/2019/12/18/4-1-44-Final.html",
"url": "https://netty.io/news/2019/12/18/4-1-44-Final.html"
}
],
"release_date": "2020-01-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"Red Hat Decision Manager 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling"
},
{
"cve": "CVE-2020-8840",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816330"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8840"
},
{
"category": "external",
"summary": "RHBZ#1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking"
},
{
"cve": "CVE-2020-9546",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in shaded-hikari-config",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9546"
},
{
"category": "external",
"summary": "RHBZ#1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in shaded-hikari-config"
},
{
"cve": "CVE-2020-9547",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in ibatis-sqlmap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9547"
},
{
"category": "external",
"summary": "RHBZ#1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in ibatis-sqlmap"
},
{
"cve": "CVE-2020-9548",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in anteros-core",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9548"
},
{
"category": "external",
"summary": "RHBZ#1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in anteros-core"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10968",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1819208"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10968"
},
{
"category": "external",
"summary": "RHBZ#1819208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10968"
}
],
"release_date": "2020-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Decision Manager 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider"
},
{
"cve": "CVE-2020-10969",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1819212"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in javax.swing.JEditorPane",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10969"
},
{
"category": "external",
"summary": "RHBZ#1819212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819212"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10969"
}
],
"release_date": "2020-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Decision Manager 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in javax.swing.JEditorPane"
},
{
"cve": "CVE-2020-11111",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1821304"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11111"
},
{
"category": "external",
"summary": "RHBZ#1821304",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821304"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11111"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-databind/issues/2664",
"url": "https://github.com/FasterXML/jackson-databind/issues/2664"
}
],
"release_date": "2020-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Decision Manager 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory"
},
{
"cve": "CVE-2020-11112",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1821311"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11112"
},
{
"category": "external",
"summary": "RHBZ#1821311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821311"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11112",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11112"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-databind/issues/2666",
"url": "https://github.com/FasterXML/jackson-databind/issues/2666"
}
],
"release_date": "2020-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Decision Manager 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider"
},
{
"cve": "CVE-2020-11113",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1821315"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11113"
},
{
"category": "external",
"summary": "RHBZ#1821315",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821315"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11113",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11113"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-databind/issues/2670",
"url": "https://github.com/FasterXML/jackson-databind/issues/2670"
}
],
"release_date": "2020-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Decision Manager 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
},
{
"cve": "CVE-2020-11619",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-04-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1826805"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.springframework:spring-aop",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11619"
},
{
"category": "external",
"summary": "RHBZ#1826805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11619"
}
],
"release_date": "2020-04-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Decision Manager 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.springframework:spring-aop"
},
{
"cve": "CVE-2020-11620",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-04-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1826798"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in commons-jelly:commons-jelly",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11620"
},
{
"category": "external",
"summary": "RHBZ#1826798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826798"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11620",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11620"
}
],
"release_date": "2020-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Decision Manager 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in commons-jelly:commons-jelly"
},
{
"cve": "CVE-2020-14060",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1848960"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 and Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nThe version of jackson-databind as shipped in Red Hat Software Collections rh-maven35 is used only while building maven, thus it does not deserialize data coming from untrusted sources, lowering the impact of the vulnerability for the Product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14060"
},
{
"category": "external",
"summary": "RHBZ#1848960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848960"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14060"
}
],
"release_date": "2020-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* enableDefaultTyping()\n* @JsonTypeInfo using id.CLASS or id.MINIMAL_CLASS\n* oadd.org.apache.xalan.lib.sql.JNDIConnectionPool in classpath",
"product_ids": [
"Red Hat Decision Manager 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool"
},
{
"cve": "CVE-2020-14061",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1848966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: serialization in weblogic/oracle-aqjms",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 and Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nThe version of jackson-databind as shipped in Red Hat Software Collections rh-maven35 is used only while building maven, thus it does not deserialize data coming from untrusted sources, lowering the impact of the vulnerability for the Product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14061"
},
{
"category": "external",
"summary": "RHBZ#1848966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14061",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14061"
}
],
"release_date": "2020-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* enableDefaultTyping()\n* @JsonTypeInfo using id.CLASS or id.MINIMAL_CLASS\n* oracle.jms.AQjms*ConnectionFactory in classpath",
"product_ids": [
"Red Hat Decision Manager 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: serialization in weblogic/oracle-aqjms"
},
{
"cve": "CVE-2020-14062",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1848962"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 and Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nThe version of jackson-databind as shipped in Red Hat Software Collections rh-maven35 is used only while building maven, thus it does not deserialize data coming from untrusted sources, lowering the impact of the vulnerability for the Product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Decision Manager 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14062"
},
{
"category": "external",
"summary": "RHBZ#1848962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848962"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14062",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14062"
}
],
"release_date": "2020-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:06:57+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Decision Manager 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3196"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* enableDefaultTyping()\n* @JsonTypeInfo using id.CLASS or id.MINIMAL_CLASS\n* com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool in classpath",
"product_ids": [
"Red Hat Decision Manager 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Decision Manager 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool"
}
]
}
RHSA-2020:3197
Vulnerability from csaf_redhat - Published: 2020-07-29 06:21 - Updated: 2026-05-14 22:25Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.8.0 Security Update
Severity
Important
Notes
Topic: An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This release of Red Hat Process Automation Manager 7.8.0 serves as an update to Red Hat Process Automation Manager 7.7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* commons-beanutils: apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)
* netty: HTTP request smuggling (CVE-2019-20444)
* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)
* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)
* netty: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
* netty: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* netty: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* netty: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
* netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header (CVE-2019-20445)
* cxf-core: cxf: does not restrict the number of message attachments (CVE-2019-12406)
* cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)
* cxf-core: cxf: reflected XSS in the services listing page (CVE-2019-17573)
* jackson-databind: lacks certain net.sf.ehcache blocking (CVE-2019-20330)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)
* jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)
* jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)
* jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)
* jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)
* jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (CVE-2020-14062)
* jackson-databind: serialization in weblogic/oracle-aqjms (CVE-2020-14061)
* jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-14060)
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
* quartz: libquartz: XXE attacks via job description (CVE-2019-13990)
* keycloak: security issue on reset credential flow (CVE-2020-1718)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader.
7.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count".
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter "rs.security.keystore.type" to "jwk". For this case all keys are returned in this file "as is", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. "oct" keys, which contain secret keys, are not returned at all.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
The Terracotta Quartz Scheduler is susceptible to an XML external entity attack (XXE) through a job description. This issue stems from inadequate handling of XML external entity (XXE) declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to access a maliciously crafted job description (containing XML content), a remote attacker could exploit this vulnerability to execute an XXE attack on the targeted system.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF (carriage return, line feed) without being followed by SP (space) or HTAB (horizontal tab), result in situations where headers can be misread. Data integrity is the highest threat with this vulnerability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a server, it could result in a viable HTTP smuggling vulnerability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the reset credential flow in Keycloak. This flaw allows an attacker to gain unauthorized access to the application.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
176 references
Acknowledgments
the Envoy security team
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis release of Red Hat Process Automation Manager 7.8.0 serves as an update to Red Hat Process Automation Manager 7.7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* commons-beanutils: apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)\n\n* netty: HTTP request smuggling (CVE-2019-20444)\n\n* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)\n\n* netty: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\n* netty: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* netty: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* netty: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header (CVE-2019-20445)\n\n* cxf-core: cxf: does not restrict the number of message attachments (CVE-2019-12406)\n\n* cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)\n\n* cxf-core: cxf: reflected XSS in the services listing page (CVE-2019-17573)\n\n* jackson-databind: lacks certain net.sf.ehcache blocking (CVE-2019-20330)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\n* jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (CVE-2020-14062)\n\n* jackson-databind: serialization in weblogic/oracle-aqjms (CVE-2020-14061)\n\n* jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-14060)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n* quartz: libquartz: XXE attacks via job description (CVE-2019-13990)\n\n* keycloak: security issue on reset credential flow (CVE-2020-1718)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3197",
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhpam\u0026version=7.8.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhpam\u0026version=7.8.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index"
},
{
"category": "external",
"summary": "1735645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645"
},
{
"category": "external",
"summary": "1735744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744"
},
{
"category": "external",
"summary": "1735745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735745"
},
{
"category": "external",
"summary": "1735749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735749"
},
{
"category": "external",
"summary": "1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "1767483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483"
},
{
"category": "external",
"summary": "1793154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793154"
},
{
"category": "external",
"summary": "1796225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796225"
},
{
"category": "external",
"summary": "1796756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756"
},
{
"category": "external",
"summary": "1797006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797006"
},
{
"category": "external",
"summary": "1797011",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797011"
},
{
"category": "external",
"summary": "1798509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798509"
},
{
"category": "external",
"summary": "1798524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798524"
},
{
"category": "external",
"summary": "1801149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801149"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1816170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816170"
},
{
"category": "external",
"summary": "1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "1819208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819208"
},
{
"category": "external",
"summary": "1819212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819212"
},
{
"category": "external",
"summary": "1821304",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821304"
},
{
"category": "external",
"summary": "1821311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821311"
},
{
"category": "external",
"summary": "1821315",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821315"
},
{
"category": "external",
"summary": "1826798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826798"
},
{
"category": "external",
"summary": "1826805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826805"
},
{
"category": "external",
"summary": "1848960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848960"
},
{
"category": "external",
"summary": "1848962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848962"
},
{
"category": "external",
"summary": "1848966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848966"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3197.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.8.0 Security Update",
"tracking": {
"current_release_date": "2026-05-14T22:25:17+00:00",
"generator": {
"date": "2026-05-14T22:25:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:3197",
"initial_release_date": "2020-07-29T06:21:49+00:00",
"revision_history": [
{
"date": "2020-07-29T06:21:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-07-29T06:21:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:25:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Process Automation 7",
"product": {
"name": "Red Hat Process Automation 7",
"product_id": "Red Hat Process Automation 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Process Automation Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9512",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735645"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using PING frames results in unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "RHBZ#1735645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9512",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg",
"url": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html",
"url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using PING frames results in unbounded memory growth"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9514",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735744"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using HEADERS frames results in unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "RHBZ#1735744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9514",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9514"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg",
"url": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html",
"url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using HEADERS frames results in unbounded memory growth"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9515",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735745"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using SETTINGS frames results in unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of grafana(embeds gRPC) as shipped with Red Hat Ceph Storage 3 as it include the support for HTTP/2.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9515"
},
{
"category": "external",
"summary": "RHBZ#1735745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735745"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9515",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9515"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html",
"url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using SETTINGS frames results in unbounded memory growth"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735749"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using empty frames results in excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9518"
},
{
"category": "external",
"summary": "RHBZ#1735749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using empty frames results in excessive resource consumption"
},
{
"cve": "CVE-2019-10086",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-10-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1767483"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10086"
},
{
"category": "external",
"summary": "RHBZ#1767483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt",
"url": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt"
}
],
"release_date": "2019-08-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default"
},
{
"cve": "CVE-2019-12406",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816170"
}
],
"notes": [
{
"category": "description",
"text": "Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property \"attachment-max-count\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: does not restrict the number of message attachments",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12406"
},
{
"category": "external",
"summary": "RHBZ#1816170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12406",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12406"
}
],
"release_date": "2019-11-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cxf: does not restrict the number of message attachments"
},
{
"cve": "CVE-2019-12423",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2020-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1797006"
}
],
"notes": [
{
"category": "description",
"text": "Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter \"rs.security.keystore.type\" to \"jwk\". For this case all keys are returned in this file \"as is\", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. \"oct\" keys, which contain secret keys, are not returned at all.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: OpenId Connect token service does not properly validate the clientId",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12423"
},
{
"category": "external",
"summary": "RHBZ#1797006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12423",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12423"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12423",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12423"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cxf: OpenId Connect token service does not properly validate the clientId"
},
{
"cve": "CVE-2019-13990",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-07-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1801149"
}
],
"notes": [
{
"category": "description",
"text": "The Terracotta Quartz Scheduler is susceptible to an XML external entity attack (XXE) through a job description. This issue stems from inadequate handling of XML external entity (XXE) declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to access a maliciously crafted job description (containing XML content), a remote attacker could exploit this vulnerability to execute an XXE attack on the targeted system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libquartz: XXE attacks via job description",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 uses a vulnerable version of libquartz as a dependency for Candlepin. However, the \u003cjob\u003e\u003cdescrition\u003e entry is not used, and the vulnerability can not be triggered. An update may fix the code in the future.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13990"
},
{
"category": "external",
"summary": "RHBZ#1801149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13990",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13990"
}
],
"release_date": "2019-07-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libquartz: XXE attacks via job description"
},
{
"cve": "CVE-2019-16869",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758619"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16869"
},
{
"category": "external",
"summary": "RHBZ#1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869"
}
],
"release_date": "2019-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers"
},
{
"cve": "CVE-2019-17573",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1797011"
}
],
"notes": [
{
"category": "description",
"text": "By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: reflected XSS in the services listing page",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17573"
},
{
"category": "external",
"summary": "RHBZ#1797011",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797011"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17573",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17573"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17573",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17573"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "Mitigate this flaw by disabling the service listing altogether; via setting the \"hide-service-list-page\" servlet parameter to \"true\".",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cxf: reflected XSS in the services listing page"
},
{
"cve": "CVE-2019-20330",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: lacks certain net.sf.ehcache blocking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20330"
},
{
"category": "external",
"summary": "RHBZ#1793154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20330",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20330"
}
],
"release_date": "2020-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: lacks certain net.sf.ehcache blocking"
},
{
"cve": "CVE-2019-20444",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-01-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1798524"
}
],
"notes": [
{
"category": "description",
"text": "A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF (carriage return, line feed) without being followed by SP (space) or HTAB (horizontal tab), result in situations where headers can be misread. Data integrity is the highest threat with this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HTTP request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not pose a substantial practical threat to ElasticSearch 6. We agree that these issues would be difficult to exploit on OpenShift Container Platform so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships a vulnerable version of netty embedded in Candlepin. However, the flaw can not be triggered in that context, because HTTP requests are handled by Tomcat, not by netty. A future release may fix this.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20444"
},
{
"category": "external",
"summary": "RHBZ#1798524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798524"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20444",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20444"
},
{
"category": "external",
"summary": "https://github.com/elastic/elasticsearch/issues/49396",
"url": "https://github.com/elastic/elasticsearch/issues/49396"
}
],
"release_date": "2020-01-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: HTTP request smuggling"
},
{
"cve": "CVE-2019-20445",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1798509"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a server, it could result in a viable HTTP smuggling vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships a vulnerable version of netty embedded in Candlepin. However, the flaw can not be triggered in that context, because HTTP requests are handled by Tomcat, not by netty. A future release may fix this.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20445"
},
{
"category": "external",
"summary": "RHBZ#1798509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798509"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20445",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20445"
}
],
"release_date": "2020-01-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header"
},
{
"cve": "CVE-2020-1718",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2020-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1796756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the reset credential flow in Keycloak. This flaw allows an attacker to gain unauthorized access to the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: security issue on reset credential flow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1718"
},
{
"category": "external",
"summary": "RHBZ#1796756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "Disable reset credential flow.",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: security issue on reset credential flow"
},
{
"cve": "CVE-2020-7238",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-01-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1796225"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7238"
},
{
"category": "external",
"summary": "RHBZ#1796225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796225"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7238",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7238"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7238",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7238"
},
{
"category": "external",
"summary": "https://netty.io/news/2019/12/18/4-1-44-Final.html",
"url": "https://netty.io/news/2019/12/18/4-1-44-Final.html"
}
],
"release_date": "2020-01-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling"
},
{
"cve": "CVE-2020-8840",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816330"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8840"
},
{
"category": "external",
"summary": "RHBZ#1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking"
},
{
"cve": "CVE-2020-9546",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in shaded-hikari-config",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9546"
},
{
"category": "external",
"summary": "RHBZ#1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in shaded-hikari-config"
},
{
"cve": "CVE-2020-9547",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in ibatis-sqlmap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9547"
},
{
"category": "external",
"summary": "RHBZ#1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in ibatis-sqlmap"
},
{
"cve": "CVE-2020-9548",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in anteros-core",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9548"
},
{
"category": "external",
"summary": "RHBZ#1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in anteros-core"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10968",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1819208"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10968"
},
{
"category": "external",
"summary": "RHBZ#1819208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10968"
}
],
"release_date": "2020-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider"
},
{
"cve": "CVE-2020-10969",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1819212"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in javax.swing.JEditorPane",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10969"
},
{
"category": "external",
"summary": "RHBZ#1819212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819212"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10969"
}
],
"release_date": "2020-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in javax.swing.JEditorPane"
},
{
"cve": "CVE-2020-11111",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1821304"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11111"
},
{
"category": "external",
"summary": "RHBZ#1821304",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821304"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11111"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-databind/issues/2664",
"url": "https://github.com/FasterXML/jackson-databind/issues/2664"
}
],
"release_date": "2020-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory"
},
{
"cve": "CVE-2020-11112",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1821311"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11112"
},
{
"category": "external",
"summary": "RHBZ#1821311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821311"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11112",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11112"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-databind/issues/2666",
"url": "https://github.com/FasterXML/jackson-databind/issues/2666"
}
],
"release_date": "2020-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider"
},
{
"cve": "CVE-2020-11113",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1821315"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11113"
},
{
"category": "external",
"summary": "RHBZ#1821315",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821315"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11113",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11113"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-databind/issues/2670",
"url": "https://github.com/FasterXML/jackson-databind/issues/2670"
}
],
"release_date": "2020-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
},
{
"cve": "CVE-2020-11619",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-04-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1826805"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.springframework:spring-aop",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11619"
},
{
"category": "external",
"summary": "RHBZ#1826805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11619"
}
],
"release_date": "2020-04-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.springframework:spring-aop"
},
{
"cve": "CVE-2020-11620",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-04-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1826798"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in commons-jelly:commons-jelly",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11620"
},
{
"category": "external",
"summary": "RHBZ#1826798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826798"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11620",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11620"
}
],
"release_date": "2020-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in commons-jelly:commons-jelly"
},
{
"cve": "CVE-2020-14060",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1848960"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 and Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nThe version of jackson-databind as shipped in Red Hat Software Collections rh-maven35 is used only while building maven, thus it does not deserialize data coming from untrusted sources, lowering the impact of the vulnerability for the Product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14060"
},
{
"category": "external",
"summary": "RHBZ#1848960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848960"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14060"
}
],
"release_date": "2020-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* enableDefaultTyping()\n* @JsonTypeInfo using id.CLASS or id.MINIMAL_CLASS\n* oadd.org.apache.xalan.lib.sql.JNDIConnectionPool in classpath",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool"
},
{
"cve": "CVE-2020-14061",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1848966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: serialization in weblogic/oracle-aqjms",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 and Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nThe version of jackson-databind as shipped in Red Hat Software Collections rh-maven35 is used only while building maven, thus it does not deserialize data coming from untrusted sources, lowering the impact of the vulnerability for the Product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14061"
},
{
"category": "external",
"summary": "RHBZ#1848966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14061",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14061"
}
],
"release_date": "2020-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* enableDefaultTyping()\n* @JsonTypeInfo using id.CLASS or id.MINIMAL_CLASS\n* oracle.jms.AQjms*ConnectionFactory in classpath",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: serialization in weblogic/oracle-aqjms"
},
{
"cve": "CVE-2020-14062",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1848962"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 and Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nThe version of jackson-databind as shipped in Red Hat Software Collections rh-maven35 is used only while building maven, thus it does not deserialize data coming from untrusted sources, lowering the impact of the vulnerability for the Product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14062"
},
{
"category": "external",
"summary": "RHBZ#1848962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848962"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14062",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14062"
}
],
"release_date": "2020-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-29T06:21:49+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3197"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* enableDefaultTyping()\n* @JsonTypeInfo using id.CLASS or id.MINIMAL_CLASS\n* com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool in classpath",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool"
}
]
}
RHSA-2020:3461
Vulnerability from csaf_redhat - Published: 2020-08-17 13:28 - Updated: 2026-05-14 22:25Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
6.5 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.
4.8 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
5.6 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
5.0 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.
4.8 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
5.3 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.
5.9 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
Known not affected
100 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — | ||
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Threats
Impact
Moderate
A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.
6.5 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.
6.5 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
90 references
Acknowledgments
Red Hat
Guillaume Smet
Adith Sudhakar
Red Hat
Aaron Ogburn
GitHub Security Labs
Alvaro Muñoz
Nedap
Mark Banierink
Red Hat
James R. Perkins
SySS GmbH
Moritz Bechler
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3461",
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "JBEAP-19095",
"url": "https://issues.redhat.com/browse/JBEAP-19095"
},
{
"category": "external",
"summary": "JBEAP-19134",
"url": "https://issues.redhat.com/browse/JBEAP-19134"
},
{
"category": "external",
"summary": "JBEAP-19185",
"url": "https://issues.redhat.com/browse/JBEAP-19185"
},
{
"category": "external",
"summary": "JBEAP-19203",
"url": "https://issues.redhat.com/browse/JBEAP-19203"
},
{
"category": "external",
"summary": "JBEAP-19269",
"url": "https://issues.redhat.com/browse/JBEAP-19269"
},
{
"category": "external",
"summary": "JBEAP-19322",
"url": "https://issues.redhat.com/browse/JBEAP-19322"
},
{
"category": "external",
"summary": "JBEAP-19325",
"url": "https://issues.redhat.com/browse/JBEAP-19325"
},
{
"category": "external",
"summary": "JBEAP-19397",
"url": "https://issues.redhat.com/browse/JBEAP-19397"
},
{
"category": "external",
"summary": "JBEAP-19409",
"url": "https://issues.redhat.com/browse/JBEAP-19409"
},
{
"category": "external",
"summary": "JBEAP-19529",
"url": "https://issues.redhat.com/browse/JBEAP-19529"
},
{
"category": "external",
"summary": "JBEAP-19564",
"url": "https://issues.redhat.com/browse/JBEAP-19564"
},
{
"category": "external",
"summary": "JBEAP-19585",
"url": "https://issues.redhat.com/browse/JBEAP-19585"
},
{
"category": "external",
"summary": "JBEAP-19617",
"url": "https://issues.redhat.com/browse/JBEAP-19617"
},
{
"category": "external",
"summary": "JBEAP-19619",
"url": "https://issues.redhat.com/browse/JBEAP-19619"
},
{
"category": "external",
"summary": "JBEAP-19673",
"url": "https://issues.redhat.com/browse/JBEAP-19673"
},
{
"category": "external",
"summary": "JBEAP-19674",
"url": "https://issues.redhat.com/browse/JBEAP-19674"
},
{
"category": "external",
"summary": "JBEAP-19874",
"url": "https://issues.redhat.com/browse/JBEAP-19874"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3461.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
"tracking": {
"current_release_date": "2026-05-14T22:25:30+00:00",
"generator": {
"date": "2026-05-14T22:25:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:3461",
"initial_release_date": "2020-08-17T13:28:01+00:00",
"revision_history": [
{
"date": "2020-08-17T13:28:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-08-17T13:28:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:25:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.6.2-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"product": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el6eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.6.2-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.48-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.7-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.2-4.GA_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.2-4.GA_redhat_00002.1.el6eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src"
},
"product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"cve": "CVE-2020-1710",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: field-name is not parsed in accordance to RFC7230",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1710"
},
{
"category": "external",
"summary": "RHBZ#1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "EAP: field-name is not parsed in accordance to RFC7230"
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Aaron Ogburn"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10687",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1785049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10687"
},
{
"category": "external",
"summary": "RHBZ#1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"James R. Perkins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10718",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2020-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828476"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10718"
},
{
"category": "external",
"summary": "RHBZ#1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API"
},
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch"
],
"known_not_affected": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
},
{
"cve": "CVE-2020-14297",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14297"
},
{
"category": "external",
"summary": "RHBZ#1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service"
},
{
"cve": "CVE-2020-14307",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2020-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851327"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14307"
},
{
"category": "external",
"summary": "RHBZ#1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service"
}
]
}
RHSA-2020:3462
Vulnerability from csaf_redhat - Published: 2020-08-17 13:28 - Updated: 2026-05-14 22:25Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
6.5 (Medium)
Affected products
Fixed
105 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.
7.5 (High)
Affected products
Fixed
105 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.
4.8 (Medium)
Affected products
Fixed
105 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
105 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
5.6 (Medium)
Affected products
Fixed
105 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
5.0 (Medium)
Affected products
Fixed
105 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.
4.8 (Medium)
Affected products
Fixed
105 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
5.3 (Medium)
Affected products
Fixed
105 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.5 (High)
Affected products
Fixed
105 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.
5.9 (Medium)
Affected products
Fixed
105 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.
7.5 (High)
Affected products
Fixed
105 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.
7.5 (High)
Affected products
Fixed
105 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.
6.5 (Medium)
Affected products
Fixed
105 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.
6.5 (Medium)
Affected products
Fixed
105 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
90 references
Acknowledgments
Red Hat
Guillaume Smet
Adith Sudhakar
Red Hat
Aaron Ogburn
GitHub Security Labs
Alvaro Muñoz
Nedap
Mark Banierink
Red Hat
James R. Perkins
SySS GmbH
Moritz Bechler
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3462",
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "JBEAP-19095",
"url": "https://issues.redhat.com/browse/JBEAP-19095"
},
{
"category": "external",
"summary": "JBEAP-19134",
"url": "https://issues.redhat.com/browse/JBEAP-19134"
},
{
"category": "external",
"summary": "JBEAP-19185",
"url": "https://issues.redhat.com/browse/JBEAP-19185"
},
{
"category": "external",
"summary": "JBEAP-19203",
"url": "https://issues.redhat.com/browse/JBEAP-19203"
},
{
"category": "external",
"summary": "JBEAP-19269",
"url": "https://issues.redhat.com/browse/JBEAP-19269"
},
{
"category": "external",
"summary": "JBEAP-19322",
"url": "https://issues.redhat.com/browse/JBEAP-19322"
},
{
"category": "external",
"summary": "JBEAP-19325",
"url": "https://issues.redhat.com/browse/JBEAP-19325"
},
{
"category": "external",
"summary": "JBEAP-19397",
"url": "https://issues.redhat.com/browse/JBEAP-19397"
},
{
"category": "external",
"summary": "JBEAP-19410",
"url": "https://issues.redhat.com/browse/JBEAP-19410"
},
{
"category": "external",
"summary": "JBEAP-19529",
"url": "https://issues.redhat.com/browse/JBEAP-19529"
},
{
"category": "external",
"summary": "JBEAP-19564",
"url": "https://issues.redhat.com/browse/JBEAP-19564"
},
{
"category": "external",
"summary": "JBEAP-19585",
"url": "https://issues.redhat.com/browse/JBEAP-19585"
},
{
"category": "external",
"summary": "JBEAP-19617",
"url": "https://issues.redhat.com/browse/JBEAP-19617"
},
{
"category": "external",
"summary": "JBEAP-19619",
"url": "https://issues.redhat.com/browse/JBEAP-19619"
},
{
"category": "external",
"summary": "JBEAP-19673",
"url": "https://issues.redhat.com/browse/JBEAP-19673"
},
{
"category": "external",
"summary": "JBEAP-19674",
"url": "https://issues.redhat.com/browse/JBEAP-19674"
},
{
"category": "external",
"summary": "JBEAP-19874",
"url": "https://issues.redhat.com/browse/JBEAP-19874"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3462.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
"tracking": {
"current_release_date": "2026-05-14T22:25:34+00:00",
"generator": {
"date": "2026-05-14T22:25:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:3462",
"initial_release_date": "2020-08-17T13:28:06+00:00",
"revision_history": [
{
"date": "2020-08-17T13:28:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-08-17T13:28:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:25:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.6.2-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.6.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.48-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.7-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"cve": "CVE-2020-1710",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: field-name is not parsed in accordance to RFC7230",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1710"
},
{
"category": "external",
"summary": "RHBZ#1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "EAP: field-name is not parsed in accordance to RFC7230"
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Aaron Ogburn"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10687",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1785049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10687"
},
{
"category": "external",
"summary": "RHBZ#1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"James R. Perkins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10718",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2020-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828476"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10718"
},
{
"category": "external",
"summary": "RHBZ#1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API"
},
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
},
{
"cve": "CVE-2020-14297",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14297"
},
{
"category": "external",
"summary": "RHBZ#1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service"
},
{
"cve": "CVE-2020-14307",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2020-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851327"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14307"
},
{
"category": "external",
"summary": "RHBZ#1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service"
}
]
}
RHSA-2020:3463
Vulnerability from csaf_redhat - Published: 2020-08-17 13:28 - Updated: 2026-05-14 22:25Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
6.5 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.
4.8 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
5.6 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
5.0 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.
4.8 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
5.3 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.
5.9 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.
6.5 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.
6.5 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
91 references
Acknowledgments
Red Hat
Guillaume Smet
Adith Sudhakar
Red Hat
Aaron Ogburn
GitHub Security Labs
Alvaro Muñoz
Nedap
Mark Banierink
Red Hat
James R. Perkins
SySS GmbH
Moritz Bechler
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3463",
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "JBEAP-19095",
"url": "https://issues.redhat.com/browse/JBEAP-19095"
},
{
"category": "external",
"summary": "JBEAP-19134",
"url": "https://issues.redhat.com/browse/JBEAP-19134"
},
{
"category": "external",
"summary": "JBEAP-19185",
"url": "https://issues.redhat.com/browse/JBEAP-19185"
},
{
"category": "external",
"summary": "JBEAP-19203",
"url": "https://issues.redhat.com/browse/JBEAP-19203"
},
{
"category": "external",
"summary": "JBEAP-19269",
"url": "https://issues.redhat.com/browse/JBEAP-19269"
},
{
"category": "external",
"summary": "JBEAP-19322",
"url": "https://issues.redhat.com/browse/JBEAP-19322"
},
{
"category": "external",
"summary": "JBEAP-19325",
"url": "https://issues.redhat.com/browse/JBEAP-19325"
},
{
"category": "external",
"summary": "JBEAP-19397",
"url": "https://issues.redhat.com/browse/JBEAP-19397"
},
{
"category": "external",
"summary": "JBEAP-19410",
"url": "https://issues.redhat.com/browse/JBEAP-19410"
},
{
"category": "external",
"summary": "JBEAP-19411",
"url": "https://issues.redhat.com/browse/JBEAP-19411"
},
{
"category": "external",
"summary": "JBEAP-19529",
"url": "https://issues.redhat.com/browse/JBEAP-19529"
},
{
"category": "external",
"summary": "JBEAP-19564",
"url": "https://issues.redhat.com/browse/JBEAP-19564"
},
{
"category": "external",
"summary": "JBEAP-19585",
"url": "https://issues.redhat.com/browse/JBEAP-19585"
},
{
"category": "external",
"summary": "JBEAP-19617",
"url": "https://issues.redhat.com/browse/JBEAP-19617"
},
{
"category": "external",
"summary": "JBEAP-19619",
"url": "https://issues.redhat.com/browse/JBEAP-19619"
},
{
"category": "external",
"summary": "JBEAP-19673",
"url": "https://issues.redhat.com/browse/JBEAP-19673"
},
{
"category": "external",
"summary": "JBEAP-19674",
"url": "https://issues.redhat.com/browse/JBEAP-19674"
},
{
"category": "external",
"summary": "JBEAP-19874",
"url": "https://issues.redhat.com/browse/JBEAP-19874"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3463.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
"tracking": {
"current_release_date": "2026-05-14T22:25:34+00:00",
"generator": {
"date": "2026-05-14T22:25:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:3463",
"initial_release_date": "2020-08-17T13:28:45+00:00",
"revision_history": [
{
"date": "2020-08-17T13:28:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-08-17T13:28:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:25:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.3 for BaseOS-8",
"product": {
"name": "Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.6.2-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.6.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.7-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.48-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.2-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.2-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"cve": "CVE-2020-1710",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: field-name is not parsed in accordance to RFC7230",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1710"
},
{
"category": "external",
"summary": "RHBZ#1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "EAP: field-name is not parsed in accordance to RFC7230"
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Aaron Ogburn"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10687",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1785049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10687"
},
{
"category": "external",
"summary": "RHBZ#1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"James R. Perkins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10718",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2020-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828476"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10718"
},
{
"category": "external",
"summary": "RHBZ#1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API"
},
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
},
{
"cve": "CVE-2020-14297",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14297"
},
{
"category": "external",
"summary": "RHBZ#1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service"
},
{
"cve": "CVE-2020-14307",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2020-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851327"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14307"
},
{
"category": "external",
"summary": "RHBZ#1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service"
}
]
}
RHSA-2020:3464
Vulnerability from csaf_redhat - Published: 2020-08-17 13:25 - Updated: 2026-05-14 22:25Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
5.6 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
5.0 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
88 references
Acknowledgments
Red Hat
Guillaume Smet
Adith Sudhakar
Red Hat
Aaron Ogburn
GitHub Security Labs
Alvaro Muñoz
Nedap
Mark Banierink
Red Hat
James R. Perkins
SySS GmbH
Moritz Bechler
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3464",
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "JBEAP-19095",
"url": "https://issues.redhat.com/browse/JBEAP-19095"
},
{
"category": "external",
"summary": "JBEAP-19134",
"url": "https://issues.redhat.com/browse/JBEAP-19134"
},
{
"category": "external",
"summary": "JBEAP-19185",
"url": "https://issues.redhat.com/browse/JBEAP-19185"
},
{
"category": "external",
"summary": "JBEAP-19203",
"url": "https://issues.redhat.com/browse/JBEAP-19203"
},
{
"category": "external",
"summary": "JBEAP-19269",
"url": "https://issues.redhat.com/browse/JBEAP-19269"
},
{
"category": "external",
"summary": "JBEAP-19322",
"url": "https://issues.redhat.com/browse/JBEAP-19322"
},
{
"category": "external",
"summary": "JBEAP-19325",
"url": "https://issues.redhat.com/browse/JBEAP-19325"
},
{
"category": "external",
"summary": "JBEAP-19397",
"url": "https://issues.redhat.com/browse/JBEAP-19397"
},
{
"category": "external",
"summary": "JBEAP-19529",
"url": "https://issues.redhat.com/browse/JBEAP-19529"
},
{
"category": "external",
"summary": "JBEAP-19564",
"url": "https://issues.redhat.com/browse/JBEAP-19564"
},
{
"category": "external",
"summary": "JBEAP-19585",
"url": "https://issues.redhat.com/browse/JBEAP-19585"
},
{
"category": "external",
"summary": "JBEAP-19617",
"url": "https://issues.redhat.com/browse/JBEAP-19617"
},
{
"category": "external",
"summary": "JBEAP-19619",
"url": "https://issues.redhat.com/browse/JBEAP-19619"
},
{
"category": "external",
"summary": "JBEAP-19673",
"url": "https://issues.redhat.com/browse/JBEAP-19673"
},
{
"category": "external",
"summary": "JBEAP-19674",
"url": "https://issues.redhat.com/browse/JBEAP-19674"
},
{
"category": "external",
"summary": "JBEAP-19874",
"url": "https://issues.redhat.com/browse/JBEAP-19874"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3464.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
"tracking": {
"current_release_date": "2026-05-14T22:25:36+00:00",
"generator": {
"date": "2026-05-14T22:25:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:3464",
"initial_release_date": "2020-08-17T13:25:19+00:00",
"revision_history": [
{
"date": "2020-08-17T13:25:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-08-17T13:25:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:25:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product_id": "Red Hat JBoss Enterprise Application Platform 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"cve": "CVE-2020-1710",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: field-name is not parsed in accordance to RFC7230",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1710"
},
{
"category": "external",
"summary": "RHBZ#1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "EAP: field-name is not parsed in accordance to RFC7230"
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Aaron Ogburn"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10687",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1785049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10687"
},
{
"category": "external",
"summary": "RHBZ#1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"James R. Perkins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10718",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2020-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828476"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10718"
},
{
"category": "external",
"summary": "RHBZ#1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API"
},
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
},
{
"cve": "CVE-2020-14297",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14297"
},
{
"category": "external",
"summary": "RHBZ#1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service"
},
{
"cve": "CVE-2020-14307",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2020-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851327"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14307"
},
{
"category": "external",
"summary": "RHBZ#1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service"
}
]
}
RHSA-2020:3501
Vulnerability from csaf_redhat - Published: 2020-08-18 16:34 - Updated: 2026-05-14 22:30Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.4.2 security update
Severity
Important
Notes
Topic: A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.4.2 serves as a replacement for Red Hat Single Sign-On 7.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body (CVE-2020-10758)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
* keycloak: security headers missing on REST endpoints (CVE-2020-1728)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.4.2
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.4
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible exploits are servers being prone to clickjacking, channel downgrade attacks, and other similar client-based attack vectors.
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.4.2
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.4.2
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.4.2
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.4.2
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.4.2
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.4.2
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.4.2
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.4
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.4.2
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.4
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.4.2
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.4.2
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.4
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Keycloak. This flaw allows an attacker to perform a denial of service attack by sending multiple simultaneous requests with a Content-Length header value greater than the actual byte count of the request body. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.4.2
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.4
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.4.2
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.4.2
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.4.2
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
79 references
Acknowledgments
Adith Sudhakar
Red Hat
Aaron Ogburn
GitHub Security Labs
Alvaro Muñoz
Nedap
Mark Banierink
Red Hat
James R. Perkins
SySS GmbH
Moritz Bechler
Soluble.ai
Matt Hamilton
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.4.2 serves as a replacement for Red Hat Single Sign-On 7.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body (CVE-2020-10758)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n* keycloak: security headers missing on REST endpoints (CVE-2020-1728)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3501",
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "1800585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "1843849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849"
},
{
"category": "external",
"summary": "1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3501.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.4.2 security update",
"tracking": {
"current_release_date": "2026-05-14T22:30:17+00:00",
"generator": {
"date": "2026-05-14T22:30:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:3501",
"initial_release_date": "2020-08-18T16:34:33+00:00",
"revision_history": [
{
"date": "2020-08-18T16:34:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-08-18T16:34:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:30:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.4.2",
"product": {
"name": "Red Hat Single Sign-On 7.4.2",
"product_id": "Red Hat Single Sign-On 7.4.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_single_sign_on:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1710",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: field-name is not parsed in accordance to RFC7230",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1710"
},
{
"category": "external",
"summary": "RHBZ#1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "EAP: field-name is not parsed in accordance to RFC7230"
},
{
"cve": "CVE-2020-1728",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1800585"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak\u2019s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible exploits are servers being prone to clickjacking, channel downgrade attacks, and other similar client-based attack vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: security headers missing on REST endpoints",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1728"
},
{
"category": "external",
"summary": "RHBZ#1800585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728"
}
],
"release_date": "2019-11-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: security headers missing on REST endpoints"
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Aaron Ogburn"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10687",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1785049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10687"
},
{
"category": "external",
"summary": "RHBZ#1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"James R. Perkins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10718",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2020-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828476"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10718"
},
{
"category": "external",
"summary": "RHBZ#1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API"
},
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"acknowledgments": [
{
"names": [
"Matt Hamilton"
],
"organization": "Soluble.ai"
}
],
"cve": "CVE-2020-10758",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1843849"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. This flaw allows an attacker to perform a denial of service attack by sending multiple simultaneous requests with a Content-Length header value greater than the actual byte count of the request body. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10758"
},
{
"category": "external",
"summary": "RHBZ#1843849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10758",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10758"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758"
}
],
"release_date": "2020-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
},
{
"category": "workaround",
"details": "- The possibility of this issue largely depends on the environment, specifically the load balancer or reverse proxies between the client and the server. The issue occurs when there is no load balancer in place.\n\n- Proper tuning of HTTP request timeout and keycloak database max pool size can mitigate this issue :\nbin/jboss-cli.sh --connect --commands=\u0027/subsystem=transactions:write-attribute(name=default-timeout,value=30),/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=read-timeout,value=30000),/subsystem=undertow/server=default-server/https-listener=https/:write-attribute(name=read-timeout,value=30000),/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=max-pool-size,value=100),reload\u0027",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
},
{
"cve": "CVE-2020-14297",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14297"
},
{
"category": "external",
"summary": "RHBZ#1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service"
},
{
"cve": "CVE-2020-14307",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2020-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851327"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14307"
},
{
"category": "external",
"summary": "RHBZ#1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…