Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-25857 (GCVE-0-2022-25857)
Vulnerability from cvelistv5 – Published: 2022-08-30 05:05 – Updated: 2024-09-16 21:57
VLAI
EPSS
Title
Denial of Service (DoS)
Summary
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
Severity
7.5 (High)
CWE
- Denial of Service (DoS)
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | org.yaml:snakeyaml |
Affected:
0 , < unspecified
(custom)
Affected: unspecified , < 1.31 (custom) |
Date Public
2022-08-30 00:00
Credits
unknown
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:44.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
},
{
"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "org.yaml:snakeyaml",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "1.31",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "unknown"
}
],
"datePublic": "2022-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T11:06:01.014Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360"
},
{
"url": "https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174"
},
{
"url": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174"
},
{
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
},
{
"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240315-0010/"
}
],
"title": "Denial of Service (DoS)"
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-25857",
"datePublished": "2022-08-30T05:05:11.588Z",
"dateReserved": "2022-02-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:57:41.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-25857",
"date": "2026-05-29",
"epss": "0.0292",
"percentile": "0.86632"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-25857\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2022-08-30T05:15:07.667\",\"lastModified\":\"2024-11-21T06:53:07.563\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\"},{\"lang\":\"es\",\"value\":\"El paquete org.yaml:snakeyaml versiones desde 0 y anteriores a 1.31, son vulnerables a una Denegaci\u00f3n de Servicio (DoS) debido a una falta de limitaci\u00f3n de profundidad anidada para las colecciones\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-776\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:snakeyaml_project:snakeyaml:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.31\",\"matchCriteriaId\":\"4911A85B-287B-4900-8ACE-5BA60949D7BE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bitbucket.org/snakeyaml/snakeyaml/issues/525\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html\",\"source\":\"report@snyk.io\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240315-0010/\",\"source\":\"report@snyk.io\"},{\"url\":\"https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bitbucket.org/snakeyaml/snakeyaml/issues/525\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240315-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
RHSA-2025:4226
Vulnerability from csaf_redhat - Published: 2025-04-28 00:20 - Updated: 2026-05-22 14:23Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.10 on RHEL 7 security update
Severity
Important
Notes
Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
99 references
Acknowledgments
System and Software Security Lab in Fudan University
Keke Lian & Haoran Zhao
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:4226",
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "1991299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299"
},
{
"category": "external",
"summary": "1995259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995259"
},
{
"category": "external",
"summary": "2010378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378"
},
{
"category": "external",
"summary": "2011190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011190"
},
{
"category": "external",
"summary": "2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "2080850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850"
},
{
"category": "external",
"summary": "2095862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2209689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-29286",
"url": "https://issues.redhat.com/browse/JBEAP-29286"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_4226.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.10 on RHEL 7 security update",
"tracking": {
"current_release_date": "2026-05-22T14:23:02+00:00",
"generator": {
"date": "2026-05-22T14:23:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:4226",
"initial_release_date": "2025-04-28T00:20:32+00:00",
"revision_history": [
{
"date": "2025-04-28T00:20:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-28T00:20:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-22T14:23:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.11-1.Final_redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"product_id": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@5.0.3-2.redhat_00002.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src",
"product_id": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xml-security@2.0.10-2.redhat_00002.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"product_id": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jsoup@1.14.2-1.redhat_00002.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product_id": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-14.SP13_redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product_id": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"product_id": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.1.10-2.GA_redhat_00002.1.ep7.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.11-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@5.0.3-2.redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xml-security@2.0.10-2.redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jsoup@1.14.2-1.redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-14.SP13_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.1.10-2.GA_redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.1.10-2.GA_redhat_00002.1.ep7.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product": {
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_id": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product": {
"name": "eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_id": "eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product": {
"name": "eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_id": "eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native-debuginfo@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64"
},
"product_reference": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64"
},
"product_reference": "eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64"
},
"product_reference": "eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3690",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2021-08-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1991299"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: buffer leak on incoming websocket PONG message may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although Red Hat OpenStack Platform packages the vulnerable code in Opendaylight, it does not use or support the undertow-encapsulating features. The security impact for RHOSP is therefore rated as Low and no update will be provided at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3690"
},
{
"category": "external",
"summary": "RHBZ#1991299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3690"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3690",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3690"
}
],
"release_date": "2021-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: buffer leak on incoming websocket PONG message may lead to DoS"
},
{
"cve": "CVE-2021-3859",
"cwe": {
"id": "CWE-214",
"name": "Invocation of Process Using Visible Sensitive Information"
},
"discovery_date": "2021-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2010378"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: client side invocation timeout raised when calling over HTTP2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3859"
},
{
"category": "external",
"summary": "RHBZ#2010378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3859",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3859"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859"
}
],
"release_date": "2022-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: client side invocation timeout raised when calling over HTTP2"
},
{
"cve": "CVE-2021-37714",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995259"
}
],
"notes": [
{
"category": "description",
"text": "jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37714"
},
{
"category": "external",
"summary": "RHBZ#1995259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714"
},
{
"category": "external",
"summary": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c",
"url": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c"
}
],
"release_date": "2021-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck"
},
{
"cve": "CVE-2021-40690",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2011190"
}
],
"notes": [
{
"category": "description",
"text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the \"secureValidation\" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xml-security: XPath Transform abuse allows for information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Since OpenShift Container Platform (OCP) 4.7, the logging-elasticsearch6-container is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-40690"
},
{
"category": "external",
"summary": "RHBZ#2011190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011190"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-40690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-40690",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40690"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E"
}
],
"release_date": "2021-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xml-security: XPath Transform abuse allows for information disclosure"
},
{
"cve": "CVE-2022-0084",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064226"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0084"
},
{
"category": "external",
"summary": "RHBZ#2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0084"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084"
}
],
"release_date": "2022-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr"
},
{
"cve": "CVE-2022-1319",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-04-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2073890"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1319"
},
{
"category": "external",
"summary": "RHBZ#2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319"
}
],
"release_date": "2022-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures"
},
{
"cve": "CVE-2022-2053",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2095862"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Large AJP request may cause DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 is now in Maintenance Support Phase and is marked Fixed. However, Red Hat Fuse Online does not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2053"
},
{
"category": "external",
"summary": "RHBZ#2095862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2053",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2053"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053"
}
],
"release_date": "2022-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Large AJP request may cause DoS"
},
{
"cve": "CVE-2022-23913",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2063601"
}
],
"notes": [
{
"category": "description",
"text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "artemis-commons: Apache ActiveMQ Artemis DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23913"
},
{
"category": "external",
"summary": "RHBZ#2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2",
"url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"
}
],
"release_date": "2022-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "artemis-commons: Apache ActiveMQ Artemis DoS"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Quay 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-25647",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2080850"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25647"
},
{
"category": "external",
"summary": "RHBZ#2080850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647"
}
],
"release_date": "2022-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson"
},
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2023-1108",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2023-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2174246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Infinite loop in SslConduit during close",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1108"
},
{
"category": "external",
"summary": "RHBZ#2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1108",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1108"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-m4mm-pg93-fv78",
"url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78"
}
],
"release_date": "2023-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Undertow: Infinite loop in SslConduit during close"
},
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Keke Lian \u0026 Haoran Zhao"
],
"organization": "System and Software Security Lab in Fudan University"
}
],
"cve": "CVE-2023-3223",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"discovery_date": "2023-05-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2209689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it\u0027s possible to bypass the limit by setting the file name in the request to null.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: OutOfMemoryError due to @MultipartConfig handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3223"
},
{
"category": "external",
"summary": "RHBZ#2209689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3223",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223"
}
],
"release_date": "2023-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: OutOfMemoryError due to @MultipartConfig handling"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
RHSA-2025:4437
Vulnerability from csaf_redhat - Published: 2025-05-05 00:13 - Updated: 2026-05-22 14:23Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.13 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.12, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.12, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson [eap-7.3.z] (CVE-2022-25647)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks [eap-7.3.z] (CVE-2022-40152)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr [eap-7.3.z] (CVE-2022-0084)
* artemis-commons: Apache ActiveMQ Artemis DoS [eap-7.3] (CVE-2022-23913)
* Moment.js: Path traversal in moment.locale [eap-7.3.z] (CVE-2022-24785)
* jettison: memory exhaustion via user-supplied XML or JSON data [eap-7.3.z] (CVE-2022-40150)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections [eap-7.3.z] (CVE-2022-25857)
* jettison: parser crash by stackoverflow [eap-7.3.z] (CVE-2022-40149)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
52 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.12, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.12, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson [eap-7.3.z] (CVE-2022-25647)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks [eap-7.3.z] (CVE-2022-40152)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr [eap-7.3.z] (CVE-2022-0084)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS [eap-7.3] (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale [eap-7.3.z] (CVE-2022-24785)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data [eap-7.3.z] (CVE-2022-40150)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections [eap-7.3.z] (CVE-2022-25857)\n\n* jettison: parser crash by stackoverflow [eap-7.3.z] (CVE-2022-40149)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:4437",
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2080850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "JBEAP-29297",
"url": "https://issues.redhat.com/browse/JBEAP-29297"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_4437.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.13 security update",
"tracking": {
"current_release_date": "2026-05-22T14:23:07+00:00",
"generator": {
"date": "2026-05-22T14:23:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:4437",
"initial_release_date": "2025-05-05T00:13:08+00:00",
"revision_history": [
{
"date": "2025-05-05T00:13:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-05T00:13:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-22T14:23:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.18-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.14-3.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-gson@2.8.9-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"product_id": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-10.redhat_00021.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-14.Final_redhat_00015.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.13-4.GA_redhat_00002.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.14-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-gson@2.8.9-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.13-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.13-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.13-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.13-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.13-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0084",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064226"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0084"
},
{
"category": "external",
"summary": "RHBZ#2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0084"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084"
}
],
"release_date": "2022-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-05T00:13:08+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr"
},
{
"cve": "CVE-2022-23913",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2063601"
}
],
"notes": [
{
"category": "description",
"text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "artemis-commons: Apache ActiveMQ Artemis DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23913"
},
{
"category": "external",
"summary": "RHBZ#2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2",
"url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"
}
],
"release_date": "2022-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-05T00:13:08+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "artemis-commons: Apache ActiveMQ Artemis DoS"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Quay 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-05T00:13:08+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-25647",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2080850"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25647"
},
{
"category": "external",
"summary": "RHBZ#2080850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647"
}
],
"release_date": "2022-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-05T00:13:08+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson"
},
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-05T00:13:08+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-05T00:13:08+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-05T00:13:08+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-05T00:13:08+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
}
]
}
SUSE-SU-2022:3397-1
Vulnerability from csaf_suse - Published: 2022-09-26 14:39 - Updated: 2022-09-26 14:39Summary
Security update for snakeyaml
Severity
Important
Notes
Title of the patch: Security update for snakeyaml
Description of the patch: This update for snakeyaml fixes the following issues:
- CVE-2022-38750: Fixed uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (bsc#1203158).
- CVE-2022-38749: Fixed StackOverflowError for many open unmatched brackets (bsc#1203149).
- CVE-2022-38752: Fixed uncaught exception in java.base/java.util.ArrayList.hashCode (bsc#1203154).
- CVE-2022-38751: Fixed unrestricted data matched with Regular Expressions (bsc#1203153).
- CVE-2022-25857: Fixed denial of service vulnerability due missing to nested depth limitation for collections (bsc#1202932).
Patchnames: SUSE-2022-3397,SUSE-SLE-Module-Development-Tools-15-SP3-2022-3397,SUSE-SLE-Module-Development-Tools-15-SP4-2022-3397,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3397,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3397,openSUSE-SLE-15.3-2022-3397,openSUSE-SLE-15.4-2022-3397
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for snakeyaml",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for snakeyaml fixes the following issues:\n\n- CVE-2022-38750: Fixed uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (bsc#1203158).\n- CVE-2022-38749: Fixed StackOverflowError for many open unmatched brackets (bsc#1203149).\n- CVE-2022-38752: Fixed uncaught exception in java.base/java.util.ArrayList.hashCode (bsc#1203154).\n- CVE-2022-38751: Fixed unrestricted data matched with Regular Expressions (bsc#1203153).\n- CVE-2022-25857: Fixed denial of service vulnerability due missing to nested depth limitation for collections (bsc#1202932).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3397,SUSE-SLE-Module-Development-Tools-15-SP3-2022-3397,SUSE-SLE-Module-Development-Tools-15-SP4-2022-3397,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3397,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3397,openSUSE-SLE-15.3-2022-3397,openSUSE-SLE-15.4-2022-3397",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3397-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3397-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223397-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3397-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012382.html"
},
{
"category": "self",
"summary": "SUSE Bug 1202932",
"url": "https://bugzilla.suse.com/1202932"
},
{
"category": "self",
"summary": "SUSE Bug 1203149",
"url": "https://bugzilla.suse.com/1203149"
},
{
"category": "self",
"summary": "SUSE Bug 1203153",
"url": "https://bugzilla.suse.com/1203153"
},
{
"category": "self",
"summary": "SUSE Bug 1203154",
"url": "https://bugzilla.suse.com/1203154"
},
{
"category": "self",
"summary": "SUSE Bug 1203158",
"url": "https://bugzilla.suse.com/1203158"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13936 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-25857 page",
"url": "https://www.suse.com/security/cve/CVE-2022-25857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38749 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38750 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38751 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38752 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38752/"
}
],
"title": "Security update for snakeyaml",
"tracking": {
"current_release_date": "2022-09-26T14:39:22Z",
"generator": {
"date": "2022-09-26T14:39:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3397-1",
"initial_release_date": "2022-09-26T14:39:22Z",
"revision_history": [
{
"date": "2022-09-26T14:39:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "snakeyaml-1.31-150200.3.8.1.noarch",
"product": {
"name": "snakeyaml-1.31-150200.3.8.1.noarch",
"product_id": "snakeyaml-1.31-150200.3.8.1.noarch"
}
},
{
"category": "product_version",
"name": "snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"product": {
"name": "snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"product_id": "snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.2",
"product": {
"name": "SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.3",
"product": {
"name": "SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-1.31-150200.3.8.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch"
},
"product_reference": "snakeyaml-1.31-150200.3.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-1.31-150200.3.8.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch"
},
"product_reference": "snakeyaml-1.31-150200.3.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-1.31-150200.3.8.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch"
},
"product_reference": "snakeyaml-1.31-150200.3.8.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-1.31-150200.3.8.1.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch"
},
"product_reference": "snakeyaml-1.31-150200.3.8.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-1.31-150200.3.8.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch"
},
"product_reference": "snakeyaml-1.31-150200.3.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-javadoc-1.31-150200.3.8.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
},
"product_reference": "snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-1.31-150200.3.8.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch"
},
"product_reference": "snakeyaml-1.31-150200.3.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-javadoc-1.31-150200.3.8.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
},
"product_reference": "snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13936"
}
],
"notes": [
{
"category": "general",
"text": "An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13936",
"url": "https://www.suse.com/security/cve/CVE-2020-13936"
},
{
"category": "external",
"summary": "SUSE Bug 1183360 for CVE-2020-13936",
"url": "https://bugzilla.suse.com/1183360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-26T14:39:22Z",
"details": "important"
}
],
"title": "CVE-2020-13936"
},
{
"cve": "CVE-2022-25857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-25857"
}
],
"notes": [
{
"category": "general",
"text": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-25857",
"url": "https://www.suse.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "SUSE Bug 1202932 for CVE-2022-25857",
"url": "https://bugzilla.suse.com/1202932"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-26T14:39:22Z",
"details": "moderate"
}
],
"title": "CVE-2022-25857"
},
{
"cve": "CVE-2022-38749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38749"
}
],
"notes": [
{
"category": "general",
"text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38749",
"url": "https://www.suse.com/security/cve/CVE-2022-38749"
},
{
"category": "external",
"summary": "SUSE Bug 1203149 for CVE-2022-38749",
"url": "https://bugzilla.suse.com/1203149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-26T14:39:22Z",
"details": "important"
}
],
"title": "CVE-2022-38749"
},
{
"cve": "CVE-2022-38750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38750"
}
],
"notes": [
{
"category": "general",
"text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38750",
"url": "https://www.suse.com/security/cve/CVE-2022-38750"
},
{
"category": "external",
"summary": "SUSE Bug 1203158 for CVE-2022-38750",
"url": "https://bugzilla.suse.com/1203158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-26T14:39:22Z",
"details": "important"
}
],
"title": "CVE-2022-38750"
},
{
"cve": "CVE-2022-38751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38751"
}
],
"notes": [
{
"category": "general",
"text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38751",
"url": "https://www.suse.com/security/cve/CVE-2022-38751"
},
{
"category": "external",
"summary": "SUSE Bug 1203153 for CVE-2022-38751",
"url": "https://bugzilla.suse.com/1203153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-26T14:39:22Z",
"details": "important"
}
],
"title": "CVE-2022-38751"
},
{
"cve": "CVE-2022-38752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38752"
}
],
"notes": [
{
"category": "general",
"text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38752",
"url": "https://www.suse.com/security/cve/CVE-2022-38752"
},
{
"category": "external",
"summary": "SUSE Bug 1203154 for CVE-2022-38752",
"url": "https://bugzilla.suse.com/1203154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-26T14:39:22Z",
"details": "important"
}
],
"title": "CVE-2022-38752"
}
]
}
SUSE-SU-2022:3560-1
Vulnerability from csaf_suse - Published: 2022-10-11 07:43 - Updated: 2022-10-11 07:43Summary
Security update for snakeyaml
Severity
Important
Notes
Title of the patch: Security update for snakeyaml
Description of the patch: This update for snakeyaml fixes the following issues:
snakeyaml was upgraded to version 1.31:
- CVE-2022-25857: Fixed DoS due missing to nested depth limitation for collections (bsc#1202932).
- CVE-2022-38749: Fixed DoS due to stack overflow in parser (bsc#1202932).
- CVE-2022-38751: Fixed DoS due to parsing of untrusted yaml files (bsc#1203153).
- CVE-2022-38752: Fixed DoS due to stack overflow in parser (bsc#1203154).
- CVE-2022-38750: Fixed DoS due to parsing of untrusted yaml files (bsc#1203158).
- CVE-2020-13936: Fixed arbitrary code execution when attacker is able to modify templates (bsc#1183360).
Patchnames: SUSE-2022-3560,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3560
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for snakeyaml",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for snakeyaml fixes the following issues:\n\n snakeyaml was upgraded to version 1.31:\n\n - CVE-2022-25857: Fixed DoS due missing to nested depth limitation for collections (bsc#1202932).\n - CVE-2022-38749: Fixed DoS due to stack overflow in parser (bsc#1202932).\n - CVE-2022-38751: Fixed DoS due to parsing of untrusted yaml files (bsc#1203153).\n - CVE-2022-38752: Fixed DoS due to stack overflow in parser (bsc#1203154).\n - CVE-2022-38750: Fixed DoS due to parsing of untrusted yaml files (bsc#1203158).\n - CVE-2020-13936: Fixed arbitrary code execution when attacker is able to modify templates (bsc#1183360).\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3560,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3560",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3560-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3560-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223560-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3560-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012531.html"
},
{
"category": "self",
"summary": "SUSE Bug 1183360",
"url": "https://bugzilla.suse.com/1183360"
},
{
"category": "self",
"summary": "SUSE Bug 1202932",
"url": "https://bugzilla.suse.com/1202932"
},
{
"category": "self",
"summary": "SUSE Bug 1203149",
"url": "https://bugzilla.suse.com/1203149"
},
{
"category": "self",
"summary": "SUSE Bug 1203153",
"url": "https://bugzilla.suse.com/1203153"
},
{
"category": "self",
"summary": "SUSE Bug 1203154",
"url": "https://bugzilla.suse.com/1203154"
},
{
"category": "self",
"summary": "SUSE Bug 1203158",
"url": "https://bugzilla.suse.com/1203158"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13936 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-25857 page",
"url": "https://www.suse.com/security/cve/CVE-2022-25857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38749 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38750 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38751 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38752 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38752/"
}
],
"title": "Security update for snakeyaml",
"tracking": {
"current_release_date": "2022-10-11T07:43:48Z",
"generator": {
"date": "2022-10-11T07:43:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3560-1",
"initial_release_date": "2022-10-11T07:43:48Z",
"revision_history": [
{
"date": "2022-10-11T07:43:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "snakeyaml-1.31-150200.12.6.1.noarch",
"product": {
"name": "snakeyaml-1.31-150200.12.6.1.noarch",
"product_id": "snakeyaml-1.31-150200.12.6.1.noarch"
}
},
{
"category": "product_version",
"name": "snakeyaml-javadoc-1.31-150200.12.6.1.noarch",
"product": {
"name": "snakeyaml-javadoc-1.31-150200.12.6.1.noarch",
"product_id": "snakeyaml-javadoc-1.31-150200.12.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.1",
"product": {
"name": "SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-1.31-150200.12.6.1.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
},
"product_reference": "snakeyaml-1.31-150200.12.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13936"
}
],
"notes": [
{
"category": "general",
"text": "An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13936",
"url": "https://www.suse.com/security/cve/CVE-2020-13936"
},
{
"category": "external",
"summary": "SUSE Bug 1183360 for CVE-2020-13936",
"url": "https://bugzilla.suse.com/1183360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-11T07:43:48Z",
"details": "important"
}
],
"title": "CVE-2020-13936"
},
{
"cve": "CVE-2022-25857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-25857"
}
],
"notes": [
{
"category": "general",
"text": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-25857",
"url": "https://www.suse.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "SUSE Bug 1202932 for CVE-2022-25857",
"url": "https://bugzilla.suse.com/1202932"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-11T07:43:48Z",
"details": "moderate"
}
],
"title": "CVE-2022-25857"
},
{
"cve": "CVE-2022-38749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38749"
}
],
"notes": [
{
"category": "general",
"text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38749",
"url": "https://www.suse.com/security/cve/CVE-2022-38749"
},
{
"category": "external",
"summary": "SUSE Bug 1203149 for CVE-2022-38749",
"url": "https://bugzilla.suse.com/1203149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-11T07:43:48Z",
"details": "important"
}
],
"title": "CVE-2022-38749"
},
{
"cve": "CVE-2022-38750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38750"
}
],
"notes": [
{
"category": "general",
"text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38750",
"url": "https://www.suse.com/security/cve/CVE-2022-38750"
},
{
"category": "external",
"summary": "SUSE Bug 1203158 for CVE-2022-38750",
"url": "https://bugzilla.suse.com/1203158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-11T07:43:48Z",
"details": "important"
}
],
"title": "CVE-2022-38750"
},
{
"cve": "CVE-2022-38751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38751"
}
],
"notes": [
{
"category": "general",
"text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38751",
"url": "https://www.suse.com/security/cve/CVE-2022-38751"
},
{
"category": "external",
"summary": "SUSE Bug 1203153 for CVE-2022-38751",
"url": "https://bugzilla.suse.com/1203153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-11T07:43:48Z",
"details": "important"
}
],
"title": "CVE-2022-38751"
},
{
"cve": "CVE-2022-38752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38752"
}
],
"notes": [
{
"category": "general",
"text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38752",
"url": "https://www.suse.com/security/cve/CVE-2022-38752"
},
{
"category": "external",
"summary": "SUSE Bug 1203154 for CVE-2022-38752",
"url": "https://bugzilla.suse.com/1203154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-11T07:43:48Z",
"details": "important"
}
],
"title": "CVE-2022-38752"
}
]
}
WID-SEC-W-2022-1635
Vulnerability from csaf_certbund - Published: 2022-10-05 22:00 - Updated: 2025-04-27 22:00Summary
Red Hat OpenShift und Red Hat Enterprise Linux: Mehrere Schwachstellen ermöglichen Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff: Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Red Hat OpenShift build of Eclipse Vert.x und Red Hat Enterprise Linux ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.1
|
8.1 | |
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
IBM WebSphere Application Server
IBM
|
cpe:/a:ibm:websphere_application_server:-
|
— | |
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift build of Eclipse Vert.x <4.3.
Red Hat / OpenShift
|
build of Eclipse Vert.x <4.3. | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat JBoss A-MQ Clients 3
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:clients_3
|
Clients 3 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.1
|
8.1 | |
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
IBM WebSphere Application Server
IBM
|
cpe:/a:ibm:websphere_application_server:-
|
— | |
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift build of Eclipse Vert.x <4.3.
Red Hat / OpenShift
|
build of Eclipse Vert.x <4.3. | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat JBoss A-MQ Clients 3
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:clients_3
|
Clients 3 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.1
|
8.1 | |
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
IBM WebSphere Application Server
IBM
|
cpe:/a:ibm:websphere_application_server:-
|
— | |
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift build of Eclipse Vert.x <4.3.
Red Hat / OpenShift
|
build of Eclipse Vert.x <4.3. | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat JBoss A-MQ Clients 3
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:clients_3
|
Clients 3 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.1
|
8.1 | |
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
IBM WebSphere Application Server
IBM
|
cpe:/a:ibm:websphere_application_server:-
|
— | |
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift build of Eclipse Vert.x <4.3.
Red Hat / OpenShift
|
build of Eclipse Vert.x <4.3. | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat JBoss A-MQ Clients 3
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:clients_3
|
Clients 3 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.1
|
8.1 | |
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
IBM WebSphere Application Server
IBM
|
cpe:/a:ibm:websphere_application_server:-
|
— | |
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift build of Eclipse Vert.x <4.3.
Red Hat / OpenShift
|
build of Eclipse Vert.x <4.3. | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat JBoss A-MQ Clients 3
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:clients_3
|
Clients 3 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.1
|
8.1 | |
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
IBM WebSphere Application Server
IBM
|
cpe:/a:ibm:websphere_application_server:-
|
— | |
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift build of Eclipse Vert.x <4.3.
Red Hat / OpenShift
|
build of Eclipse Vert.x <4.3. | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat JBoss A-MQ Clients 3
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:clients_3
|
Clients 3 |
References
30 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Red Hat OpenShift build of Eclipse Vert.x und Red Hat Enterprise Linux ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1635 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1635.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1635 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1635"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-10-05",
"url": "https://access.redhat.com/errata/RHSA-2022:6757"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-10-05",
"url": "https://access.redhat.com/errata/RHSA-2022:6820"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6835 vom 2022-10-06",
"url": "https://access.redhat.com/errata/RHSA-2022:6835"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6820 vom 2022-10-07",
"url": "http://linux.oracle.com/errata/ELSA-2022-6820.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6832094 vom 2022-10-27",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-is-vulnerable-to-denial-of-service-due-to-graphql-java-cve-2022-37734/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8524 vom 2022-11-17",
"url": "https://access.redhat.com/errata/RHSA-2022:8524"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8652 vom 2022-11-28",
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8876 vom 2022-12-07",
"url": "https://access.redhat.com/errata/RHSA-2022:8876"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:9023 vom 2022-12-14",
"url": "https://access.redhat.com/errata/RHSA-2022:9023"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0189 vom 2023-01-17",
"url": "https://access.redhat.com/errata/RHSA-2023:0189"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6856687 vom 2023-01-20",
"url": "https://www.ibm.com/support/pages/node/6856687"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0560 vom 2023-02-08",
"url": "https://access.redhat.com/errata/RHSA-2023:0560"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1049 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1043 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1043"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1045 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1045"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1047 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1047"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1044 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1044"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1513 vom 2023-03-30",
"url": "https://access.redhat.com/errata/RHSA-2023:1513"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1514 vom 2023-03-30",
"url": "https://access.redhat.com/errata/RHSA-2023:1514"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1512 vom 2023-03-30",
"url": "https://access.redhat.com/errata/RHSA-2023:1512"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3641 vom 2023-06-15",
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7697 vom 2023-12-07",
"url": "https://access.redhat.com/errata/RHSA-2023:7697"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-300 vom 2023-12-22",
"url": "https://www.dell.com/support/kbdoc/000220649/dsa-2023-="
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2403 vom 2024-01-10",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2403.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0777 vom 2024-02-12",
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0778 vom 2024-02-12",
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0776 vom 2024-02-12",
"url": "https://access.redhat.com/errata/RHSA-2024:0776"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4226 vom 2025-04-28",
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift und Red Hat Enterprise Linux: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2025-04-27T22:00:00.000+00:00",
"generator": {
"date": "2025-04-28T08:14:06.844+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-1635",
"initial_release_date": "2022-10-05T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-10-05T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-10-06T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2022-10-26T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-11-17T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-28T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-07T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-14T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-01-17T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-01-22T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-02-08T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-01T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-29T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-15T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-07T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-21T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-01-09T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-02-11T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-27T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "18"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "9.1",
"product": {
"name": "IBM TXSeries 9.1",
"product_id": "T015903",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms_9.1"
}
}
},
{
"category": "product_version",
"name": "8.2",
"product": {
"name": "IBM TXSeries 8.2",
"product_id": "T015904",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms_8.2"
}
}
},
{
"category": "product_version",
"name": "8.1",
"product": {
"name": "IBM TXSeries 8.1",
"product_id": "T015905",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms_8.1"
}
}
}
],
"category": "product_name",
"name": "TXSeries"
},
{
"category": "product_name",
"name": "IBM WebSphere Application Server",
"product": {
"name": "IBM WebSphere Application Server",
"product_id": "5198",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T014111",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Clients 3",
"product": {
"name": "Red Hat JBoss A-MQ Clients 3",
"product_id": "T031509",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_amq:clients_3"
}
}
}
],
"category": "product_name",
"name": "JBoss A-MQ"
},
{
"branches": [
{
"category": "product_version_range",
"name": "build of Eclipse Vert.x \u003c4.3.",
"product": {
"name": "Red Hat OpenShift build of Eclipse Vert.x \u003c4.3.",
"product_id": "T024811"
}
},
{
"category": "product_version",
"name": "build of Eclipse Vert.x 4.3.",
"product": {
"name": "Red Hat OpenShift build of Eclipse Vert.x 4.3.",
"product_id": "T024811-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:build_of_eclipse_vert.x__4.3."
}
}
},
{
"category": "product_version",
"name": "container platform 4.0.51",
"product": {
"name": "Red Hat OpenShift container platform 4.0.51",
"product_id": "T026183",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.0.51"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-25857",
"product_status": {
"known_affected": [
"T015905",
"T026183",
"T015904",
"5198",
"T015903",
"67646",
"T024811",
"T024663",
"398363",
"T004914",
"T014111",
"T031509"
]
},
"release_date": "2022-10-05T22:00:00.000+00:00",
"title": "CVE-2022-25857"
},
{
"cve": "CVE-2022-37734",
"product_status": {
"known_affected": [
"T015905",
"T026183",
"T015904",
"5198",
"T015903",
"67646",
"T024811",
"T024663",
"398363",
"T004914",
"T014111",
"T031509"
]
},
"release_date": "2022-10-05T22:00:00.000+00:00",
"title": "CVE-2022-37734"
},
{
"cve": "CVE-2022-38749",
"product_status": {
"known_affected": [
"T015905",
"T026183",
"T015904",
"5198",
"T015903",
"67646",
"T024811",
"T024663",
"398363",
"T004914",
"T014111",
"T031509"
]
},
"release_date": "2022-10-05T22:00:00.000+00:00",
"title": "CVE-2022-38749"
},
{
"cve": "CVE-2022-38750",
"product_status": {
"known_affected": [
"T015905",
"T026183",
"T015904",
"5198",
"T015903",
"67646",
"T024811",
"T024663",
"398363",
"T004914",
"T014111",
"T031509"
]
},
"release_date": "2022-10-05T22:00:00.000+00:00",
"title": "CVE-2022-38750"
},
{
"cve": "CVE-2022-38751",
"product_status": {
"known_affected": [
"T015905",
"T026183",
"T015904",
"5198",
"T015903",
"67646",
"T024811",
"T024663",
"398363",
"T004914",
"T014111",
"T031509"
]
},
"release_date": "2022-10-05T22:00:00.000+00:00",
"title": "CVE-2022-38751"
},
{
"cve": "CVE-2022-38752",
"product_status": {
"known_affected": [
"T015905",
"T026183",
"T015904",
"5198",
"T015903",
"67646",
"T024811",
"T024663",
"398363",
"T004914",
"T014111",
"T031509"
]
},
"release_date": "2022-10-05T22:00:00.000+00:00",
"title": "CVE-2022-38752"
}
]
}
WID-SEC-W-2022-1636
Vulnerability from csaf_certbund - Published: 2022-10-05 22:00 - Updated: 2025-06-24 22:00Summary
Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ermöglichen Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform und Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.7
Red Hat / JBoss Enterprise Application Platform
|
<7.4.7 | ||
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.7
Red Hat / JBoss Enterprise Application Platform
|
<7.4.7 | ||
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
References
16 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.\r\nRed Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform und Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1636 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1636.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1636 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1636"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-10-05",
"url": "https://access.redhat.com/errata/RHSA-2022:6821"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-10-05",
"url": "https://access.redhat.com/errata/RHSA-2022:6822"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-10-05",
"url": "https://access.redhat.com/errata/RHSA-2022:6823"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-10-05",
"url": "https://access.redhat.com/errata/RHSA-2022:6825"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6820 vom 2022-10-07",
"url": "http://linux.oracle.com/errata/ELSA-2022-6820.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6835 vom 2022-10-06",
"url": "https://access.redhat.com/errata/RHSA-2022:6835"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6941 vom 2022-10-13",
"url": "https://access.redhat.com/errata/RHSA-2022:6941"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8652 vom 2022-11-28",
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1043 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1043"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-1976 vom 2023-03-07",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1976.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4983 vom 2023-09-05",
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4226 vom 2025-04-28",
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4437 vom 2025-05-05",
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9583 vom 2025-06-25",
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"source_lang": "en-US",
"title": "Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2025-06-24T22:00:00.000+00:00",
"generator": {
"date": "2025-06-25T11:35:49.702+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-1636",
"initial_release_date": "2022-10-05T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-10-05T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-10-06T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2022-10-13T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-28T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-01T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-06T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-09-05T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-27T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-04T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-24T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "10"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "7",
"product": {
"name": "Red Hat Enterprise Linux 7",
"product_id": "T007578",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T014111",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "Red Hat Enterprise Linux 9",
"product_id": "T023632",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.4.7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.4.7",
"product_id": "130262"
}
},
{
"category": "product_version",
"name": "7.4.7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.4.7",
"product_id": "130262-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.3.13",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.3.13",
"product_id": "T043288"
}
},
{
"category": "product_version",
"name": "7.3.13",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3.13",
"product_id": "T043288-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.13"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2053",
"product_status": {
"known_affected": [
"T007578",
"130262",
"T023632",
"67646",
"398363",
"T004914",
"T014111",
"T043288"
]
},
"release_date": "2022-10-05T22:00:00.000+00:00",
"title": "CVE-2022-2053"
},
{
"cve": "CVE-2022-25857",
"product_status": {
"known_affected": [
"T007578",
"130262",
"T023632",
"67646",
"398363",
"T004914",
"T014111",
"T043288"
]
},
"release_date": "2022-10-05T22:00:00.000+00:00",
"title": "CVE-2022-25857"
}
]
}
WID-SEC-W-2022-2133
Vulnerability from csaf_certbund - Published: 2022-11-20 23:00 - Updated: 2025-11-18 23:00Summary
JFrog Artifactory: Mehrere Schwachstellen in Drittanbieter-Komponenten
Severity
Niedrig
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: JFrog Artifactory ist eine universelle DevOps-Lösung.
Angriff: JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory <7.47.7
JFrog / Artifactory
|
<7.47.7 | ||
|
HCL Domino
HCL
|
cpe:/a:hcltech:domino:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
References
6 references
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JFrog Artifactory ist eine universelle DevOps-L\u00f6sung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2133 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2133.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2133 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2133"
},
{
"category": "external",
"summary": "JFrog Fixed Security Vulnerabilities vom 2022-11-20",
"url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities"
},
{
"category": "external",
"summary": "JFrog Fixed Security Vulnerabilities - \u00c4nderungen vom 2022-11-24",
"url": "https://www.jfrog.com/confluence/pages/diffpagesbyversion.action?pageId=102634317\u0026selectedPageVersions=159\u0026selectedPageVersions=156"
},
{
"category": "external",
"summary": "HCL Article KB0102172 vom 2022-12-19",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102172"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - November 18 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
}
],
"source_lang": "en-US",
"title": "JFrog Artifactory: Mehrere Schwachstellen in Drittanbieter-Komponenten",
"tracking": {
"current_release_date": "2025-11-18T23:00:00.000+00:00",
"generator": {
"date": "2025-11-19T09:42:47.149+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2022-2133",
"initial_release_date": "2022-11-20T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-11-20T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-11-30T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Informationen von JFrog aufgenommen"
},
{
"date": "2022-12-19T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Atlassian Bitbucket \u003c10.0.2",
"product_id": "T048675"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Atlassian Bitbucket 10.0.2",
"product_id": "T048675-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c8.19.25 (LTS)",
"product_id": "T048676"
}
},
{
"category": "product_version",
"name": "8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket 8.19.25 (LTS)",
"product_id": "T048676-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.19.25_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c9.4.13 (LTS)",
"product_id": "T048677"
}
},
{
"category": "product_version",
"name": "9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket 9.4.13 (LTS)",
"product_id": "T048677-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:9.4.13_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "HCL Domino",
"product": {
"name": "HCL Domino",
"product_id": "777623",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:domino:-"
}
}
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.47.7",
"product": {
"name": "JFrog Artifactory \u003c7.47.7",
"product_id": "T025370"
}
},
{
"category": "product_version",
"name": "7.47.7",
"product": {
"name": "JFrog Artifactory 7.47.7",
"product_id": "T025370-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:jfrog:artifactory:7.47.7"
}
}
}
],
"category": "product_name",
"name": "Artifactory"
}
],
"category": "vendor",
"name": "JFrog"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-16869",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2019-16869"
},
{
"cve": "CVE-2019-20444",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2019-20444"
},
{
"cve": "CVE-2019-20445",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2019-20445"
},
{
"cve": "CVE-2020-7608",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2020-7608"
},
{
"cve": "CVE-2020-7789",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2020-7789"
},
{
"cve": "CVE-2021-26291",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2021-26291"
},
{
"cve": "CVE-2021-3807",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2021-3807"
},
{
"cve": "CVE-2021-44906",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2021-44906"
},
{
"cve": "CVE-2022-0235",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2022-0235"
},
{
"cve": "CVE-2022-1962",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2022-1962"
},
{
"cve": "CVE-2022-24823",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2022-24823"
},
{
"cve": "CVE-2022-25857",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2022-25857"
},
{
"cve": "CVE-2022-25878",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2022-25878"
},
{
"cve": "CVE-2022-27191",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2022-27191"
},
{
"cve": "CVE-2022-28131",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2022-28131"
},
{
"cve": "CVE-2022-30187",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2022-30187"
},
{
"cve": "CVE-2022-30633",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2022-30633"
},
{
"cve": "CVE-2022-30635",
"product_status": {
"known_affected": [
"T025370",
"777623",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2022-11-20T23:00:00.000+00:00",
"title": "CVE-2022-30635"
}
]
}
WID-SEC-W-2022-2286
Vulnerability from csaf_certbund - Published: 2022-12-11 23:00 - Updated: 2023-02-27 23:00Summary
IBM Business Automation Workflow: Mehrere Schwachstellen ermöglichen Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM Business Automation Workflow ist eine Lösung zur Automatisierung von Arbeitsabläufen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Business Automation Workflow ist eine L\u00f6sung zur Automatisierung von Arbeitsabl\u00e4ufen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2286 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2286.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2286 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2286"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6958693 vom 2023-02-27",
"url": "https://www.ibm.com/support/pages/node/6958693"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-12-11",
"url": "https://www.ibm.com/support/pages/node/6845796"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6856761 vom 2023-01-20",
"url": "https://www.ibm.com/support/pages/node/6856761"
}
],
"source_lang": "en-US",
"title": "IBM Business Automation Workflow: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2023-02-27T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:39:40.132+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-2286",
"initial_release_date": "2022-12-11T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-12-11T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-01-22T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-02-27T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM Business Automation Workflow 21.0.3",
"product": {
"name": "IBM Business Automation Workflow 21.0.3",
"product_id": "1150328",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:21.0.3"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow 22.0.1",
"product": {
"name": "IBM Business Automation Workflow 22.0.1",
"product_id": "1268578",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:22.0.1"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow 18.0.0.2",
"product": {
"name": "IBM Business Automation Workflow 18.0.0.2",
"product_id": "428468",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:18.0.0.2"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow 19.0.0.3",
"product": {
"name": "IBM Business Automation Workflow 19.0.0.3",
"product_id": "672244",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:19.0.0.3"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow 20.0.0.2",
"product": {
"name": "IBM Business Automation Workflow 20.0.0.2",
"product_id": "867560",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:20.0.0.2"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow 22.0.2",
"product": {
"name": "IBM Business Automation Workflow 22.0.2",
"product_id": "T025770",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:22.0.2"
}
}
}
],
"category": "product_name",
"name": "Business Automation Workflow"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-42004",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-38752",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-38752"
},
{
"cve": "CVE-2022-38751",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-38751"
},
{
"cve": "CVE-2022-38750",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-38750"
},
{
"cve": "CVE-2022-38749",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-38749"
},
{
"cve": "CVE-2022-25857",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-25857"
}
]
}
WID-SEC-W-2023-0086
Vulnerability from csaf_certbund - Published: 2023-01-12 23:00 - Updated: 2025-09-21 22:00Summary
Keycloak: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Keycloak ermöglicht Single Sign-On mit Identity and Access Management für moderne Anwendungen und Dienste.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Keycloak ausnutzen, um einen Denial of Service Angriff durchzuführen und Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.10
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.10
|
5.5.10 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Collaboration and Deployment Services
IBM / SPSS
|
cpe:/a:ibm:spss:collaboration_and_deployment_services
|
Collaboration and Deployment Services | |
|
IBM FileNet Content Manager 5.5.9
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.9
|
5.5.9 | |
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.5.4
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.4
|
5.5.4 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Open Source Keycloak <20.0.3
Open Source / Keycloak
|
<20.0.3 | ||
|
IBM Operational Decision Manager 8.10.x
IBM / Operational Decision Manager
|
cpe:/a:ibm:operational_decision_manager:8.10.x
|
8.10.x | |
|
IBM Operational Decision Manager 8.11.x
IBM / Operational Decision Manager
|
cpe:/a:ibm:operational_decision_manager:8.11.x
|
8.11.x | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM FileNet Content Manager
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.10
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.10
|
5.5.10 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Collaboration and Deployment Services
IBM / SPSS
|
cpe:/a:ibm:spss:collaboration_and_deployment_services
|
Collaboration and Deployment Services | |
|
IBM FileNet Content Manager 5.5.9
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.9
|
5.5.9 | |
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.5.4
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.4
|
5.5.4 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Open Source Keycloak <20.0.3
Open Source / Keycloak
|
<20.0.3 | ||
|
IBM Operational Decision Manager 8.10.x
IBM / Operational Decision Manager
|
cpe:/a:ibm:operational_decision_manager:8.10.x
|
8.10.x | |
|
IBM Operational Decision Manager 8.11.x
IBM / Operational Decision Manager
|
cpe:/a:ibm:operational_decision_manager:8.11.x
|
8.11.x | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM FileNet Content Manager
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.10
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.10
|
5.5.10 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Collaboration and Deployment Services
IBM / SPSS
|
cpe:/a:ibm:spss:collaboration_and_deployment_services
|
Collaboration and Deployment Services | |
|
IBM FileNet Content Manager 5.5.9
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.9
|
5.5.9 | |
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.5.4
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.4
|
5.5.4 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Open Source Keycloak <20.0.3
Open Source / Keycloak
|
<20.0.3 | ||
|
IBM Operational Decision Manager 8.10.x
IBM / Operational Decision Manager
|
cpe:/a:ibm:operational_decision_manager:8.10.x
|
8.10.x | |
|
IBM Operational Decision Manager 8.11.x
IBM / Operational Decision Manager
|
cpe:/a:ibm:operational_decision_manager:8.11.x
|
8.11.x | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM FileNet Content Manager
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.10
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.10
|
5.5.10 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Collaboration and Deployment Services
IBM / SPSS
|
cpe:/a:ibm:spss:collaboration_and_deployment_services
|
Collaboration and Deployment Services | |
|
IBM FileNet Content Manager 5.5.9
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.9
|
5.5.9 | |
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.5.4
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.4
|
5.5.4 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Open Source Keycloak <20.0.3
Open Source / Keycloak
|
<20.0.3 | ||
|
IBM Operational Decision Manager 8.10.x
IBM / Operational Decision Manager
|
cpe:/a:ibm:operational_decision_manager:8.10.x
|
8.10.x | |
|
IBM Operational Decision Manager 8.11.x
IBM / Operational Decision Manager
|
cpe:/a:ibm:operational_decision_manager:8.11.x
|
8.11.x | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM FileNet Content Manager
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
References
26 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Keycloak erm\u00f6glicht Single Sign-On mit Identity and Access Management f\u00fcr moderne Anwendungen und Dienste.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Keycloak ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und Sicherheitsma\u00dfnahmen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0086 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0086.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0086 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0086"
},
{
"category": "external",
"summary": "Keycloak 20.0.3 Release vom 2023-01-12",
"url": "https://www.keycloak.org/2023/01/keycloak-2003-released"
},
{
"category": "external",
"summary": "Github Advisory Database vom 2023-01-12",
"url": "https://github.com/advisories/GHSA-v436-q368-hvgg"
},
{
"category": "external",
"summary": "Github Advisory Database vom 2023-01-12",
"url": "https://github.com/advisories/GHSA-3mc7-4q67-w48m"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1045 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1045"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1044 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1044"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1049 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1043 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1043"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1047 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1047"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1006 vom 2023-03-09",
"url": "https://access.redhat.com/errata/RHSA-2023:1006"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1177 vom 2023-03-09",
"url": "https://access.redhat.com/errata/RHSA-2023:1177"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1286 vom 2023-03-16",
"url": "https://access.redhat.com/errata/RHSA-2023:1286"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:1673-1 vom 2023-03-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014243.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-2007 vom 2023-04-05",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2007.html"
},
{
"category": "external",
"summary": "Hitachi Software Vulnerability Information hitachi-sec-2023-116 vom 2023-05-23",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-116/index.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3299 vom 2023-05-24",
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7005851 vom 2023-06-21",
"url": "https://www.ibm.com/support/pages/node/7005851"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6852831 vom 2023-06-27",
"url": "https://www.ibm.com/support/pages/node/6852831"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6852835 vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/6852835"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7008449 vom 2023-06-29",
"url": "https://www.ibm.com/support/pages/node/7008449"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3954 vom 2023-06-29",
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7010099 vom 2023-07-06",
"url": "https://www.ibm.com/support/pages/node/7010099"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2464 vom 2024-02-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2464.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1353 vom 2024-03-18",
"url": "https://access.redhat.com/errata/RHSA-2024:1353"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7245569 vom 2025-09-19",
"url": "https://www.ibm.com/support/pages/node/7245569"
}
],
"source_lang": "en-US",
"title": "Keycloak: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-09-21T22:00:00.000+00:00",
"generator": {
"date": "2025-09-22T09:11:12.655+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2023-0086",
"initial_release_date": "2023-01-12T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-01-12T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-03-01T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-08T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-09T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-16T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-29T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-04-05T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-05-22T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2023-05-24T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-21T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-06-27T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-06-28T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-06-29T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von IBM und Red Hat aufgenommen"
},
{
"date": "2023-07-06T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-02-19T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-03-17T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-21T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "17"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "5104",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "5.5.4",
"product": {
"name": "IBM FileNet Content Manager 5.5.4",
"product_id": "782758",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:filenet_content_manager:5.5.4"
}
}
},
{
"category": "product_version",
"name": "5.5.8",
"product": {
"name": "IBM FileNet Content Manager 5.5.8",
"product_id": "T024608",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:filenet_content_manager:5.5.8"
}
}
},
{
"category": "product_version",
"name": "5.5.9",
"product": {
"name": "IBM FileNet Content Manager 5.5.9",
"product_id": "T024609",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:filenet_content_manager:5.5.9"
}
}
},
{
"category": "product_name",
"name": "IBM FileNet Content Manager",
"product": {
"name": "IBM FileNet Content Manager",
"product_id": "T025993",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:filenet_content_manager:-"
}
}
},
{
"category": "product_version",
"name": "5.5.10",
"product": {
"name": "IBM FileNet Content Manager 5.5.10",
"product_id": "T028340",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:filenet_content_manager:5.5.10"
}
}
}
],
"category": "product_name",
"name": "FileNet Content Manager"
},
{
"branches": [
{
"category": "product_version",
"name": "8.10.x",
"product": {
"name": "IBM Operational Decision Manager 8.10.x",
"product_id": "T027827",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:8.10.x"
}
}
},
{
"category": "product_version",
"name": "8.11.x",
"product": {
"name": "IBM Operational Decision Manager 8.11.x",
"product_id": "T027828",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:8.11.x"
}
}
}
],
"category": "product_name",
"name": "Operational Decision Manager"
},
{
"branches": [
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"branches": [
{
"category": "product_version",
"name": "Collaboration and Deployment Services",
"product": {
"name": "IBM SPSS Collaboration and Deployment Services",
"product_id": "T037766",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spss:collaboration_and_deployment_services"
}
}
}
],
"category": "product_name",
"name": "SPSS"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c20.0.3",
"product": {
"name": "Open Source Keycloak \u003c20.0.3",
"product_id": "T025836"
}
},
{
"category": "product_version",
"name": "20.0.3",
"product": {
"name": "Open Source Keycloak 20.0.3",
"product_id": "T025836-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:keycloak:keycloak:20.0.3"
}
}
}
],
"category": "product_name",
"name": "Keycloak"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-25857",
"product_status": {
"known_affected": [
"T028340",
"67646",
"T037766",
"T024609",
"T024608",
"782758",
"T017562",
"T022954",
"T025836",
"T027827",
"T027828",
"T002207",
"5104",
"T025993",
"398363"
]
},
"release_date": "2023-01-12T23:00:00.000+00:00",
"title": "CVE-2022-25857"
},
{
"cve": "CVE-2022-40151",
"product_status": {
"known_affected": [
"T028340",
"67646",
"T037766",
"T024609",
"T024608",
"782758",
"T017562",
"T022954",
"T025836",
"T027827",
"T027828",
"T002207",
"5104",
"T025993",
"398363"
]
},
"release_date": "2023-01-12T23:00:00.000+00:00",
"title": "CVE-2022-40151"
},
{
"cve": "CVE-2022-41966",
"product_status": {
"known_affected": [
"T028340",
"67646",
"T037766",
"T024609",
"T024608",
"782758",
"T017562",
"T022954",
"T025836",
"T027827",
"T027828",
"T002207",
"5104",
"T025993",
"398363"
]
},
"release_date": "2023-01-12T23:00:00.000+00:00",
"title": "CVE-2022-41966"
},
{
"cve": "CVE-2023-0091",
"product_status": {
"known_affected": [
"T028340",
"67646",
"T037766",
"T024609",
"T024608",
"782758",
"T017562",
"T022954",
"T025836",
"T027827",
"T027828",
"T002207",
"5104",
"T025993",
"398363"
]
},
"release_date": "2023-01-12T23:00:00.000+00:00",
"title": "CVE-2023-0091"
}
]
}
WID-SEC-W-2023-0125
Vulnerability from csaf_certbund - Published: 2023-01-17 23:00 - Updated: 2023-01-17 23:00Summary
Oracle PeopleSoft: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle PeopleSoft ist eine ERP Anwendung.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle PeopleSoft ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle PeopleSoft ist eine ERP Anwendung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle PeopleSoft ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0125 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0125.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0125 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0125"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2023 - Appendix Oracle PeopleSoft vom 2023-01-17",
"url": "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixPS"
}
],
"source_lang": "en-US",
"title": "Oracle PeopleSoft: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-01-17T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:41:44.697+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0125",
"initial_release_date": "2023-01-17T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-01-17T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle PeopleSoft 8.58",
"product": {
"name": "Oracle PeopleSoft 8.58",
"product_id": "T019029",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:peoplesoft:8.58"
}
}
},
{
"category": "product_name",
"name": "Oracle PeopleSoft 9.2",
"product": {
"name": "Oracle PeopleSoft 9.2",
"product_id": "T019030",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:peoplesoft:9.2"
}
}
},
{
"category": "product_name",
"name": "Oracle PeopleSoft 8.59",
"product": {
"name": "Oracle PeopleSoft 8.59",
"product_id": "T019905",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:peoplesoft:8.59"
}
}
},
{
"category": "product_name",
"name": "Oracle PeopleSoft 8.60",
"product": {
"name": "Oracle PeopleSoft 8.60",
"product_id": "T025008",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:peoplesoft:8.60"
}
}
}
],
"category": "product_name",
"name": "PeopleSoft"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-21845",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21845"
},
{
"cve": "CVE-2023-21844",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21844"
},
{
"cve": "CVE-2023-21831",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21831"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-40149",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-40149"
},
{
"cve": "CVE-2022-37434",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-31129",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-31129"
},
{
"cve": "CVE-2022-27782",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-27782"
},
{
"cve": "CVE-2022-25857",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-25857"
},
{
"cve": "CVE-2021-3918",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2021-3918"
},
{
"cve": "CVE-2020-10735",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2020-10735"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…