Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-7525 (GCVE-0-2017-7525)
Vulnerability from cvelistv5 – Published: 2018-02-06 15:00 – Updated: 2024-09-17 02:21
VLAI
EPSS
Summary
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
Severity
No CVSS data available.
CWE
Assigner
References
60 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FasterXML | jackson-databind |
Affected:
before 2.6.7.1
Affected: before 2.7.9.1 Affected: before 2.8.9 |
Date Public
2017-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040360",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040360"
},
{
"name": "RHSA-2017:1840",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1840"
},
{
"name": "RHSA-2017:2547",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2547"
},
{
"name": "RHSA-2017:1836",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1836"
},
{
"name": "RHSA-2017:1835",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1835"
},
{
"name": "RHSA-2018:1449",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1449"
},
{
"name": "1039744",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039744"
},
{
"name": "1039947",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039947"
},
{
"name": "RHSA-2017:2635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2635"
},
{
"name": "RHSA-2017:2638",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2638"
},
{
"name": "RHSA-2018:1450",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1450"
},
{
"name": "RHSA-2017:3458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2018:0294",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0294"
},
{
"name": "RHSA-2017:1837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1837"
},
{
"name": "RHSA-2017:1834",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1834"
},
{
"name": "RHSA-2017:2546",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2546"
},
{
"name": "RHSA-2017:2636",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2636"
},
{
"name": "RHSA-2017:3455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:2477",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
},
{
"name": "RHSA-2017:3456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "RHSA-2018:0342",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0342"
},
{
"name": "RHSA-2017:1839",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1839"
},
{
"name": "99623",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99623"
},
{
"name": "RHSA-2017:2637",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2637"
},
{
"name": "RHSA-2017:3454",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "DSA-4004",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4004"
},
{
"name": "RHSA-2017:3141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3141"
},
{
"name": "RHSA-2017:2633",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2633"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Closed] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Resolved] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E"
},
{
"name": "RHSA-2019:0910",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0910"
},
{
"name": "RHSA-2019:2858",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"name": "RHSA-2019:3149",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20191218 CVE-2017-7525 fix for Solr 7.7.x",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20191218 Re: CVE-2017-7525 fix for Solr 7.7.x",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[debian-lts-announce] 20200824 [SECURITY] [DLA 2342-1] libjackson-json-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/1723"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/1599"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171214-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cwiki.apache.org/confluence/display/WW/S2-055"
},
{
"name": "[spark-issues] 20210223 [jira] [Created] (SPARK-34511) Current Security vulnerabilities in spark libraries",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210927 [jira] [Commented] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210927 [jira] [Updated] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jackson-databind",
"vendor": "FasterXML",
"versions": [
{
"status": "affected",
"version": "before 2.6.7.1"
},
{
"status": "affected",
"version": "before 2.7.9.1"
},
{
"status": "affected",
"version": "before 2.8.9"
}
]
}
],
"datePublic": "2017-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T17:06:10.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1040360",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040360"
},
{
"name": "RHSA-2017:1840",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1840"
},
{
"name": "RHSA-2017:2547",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2547"
},
{
"name": "RHSA-2017:1836",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1836"
},
{
"name": "RHSA-2017:1835",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1835"
},
{
"name": "RHSA-2018:1449",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1449"
},
{
"name": "1039744",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039744"
},
{
"name": "1039947",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039947"
},
{
"name": "RHSA-2017:2635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2635"
},
{
"name": "RHSA-2017:2638",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2638"
},
{
"name": "RHSA-2018:1450",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1450"
},
{
"name": "RHSA-2017:3458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2018:0294",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0294"
},
{
"name": "RHSA-2017:1837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1837"
},
{
"name": "RHSA-2017:1834",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1834"
},
{
"name": "RHSA-2017:2546",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2546"
},
{
"name": "RHSA-2017:2636",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2636"
},
{
"name": "RHSA-2017:3455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:2477",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
},
{
"name": "RHSA-2017:3456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "RHSA-2018:0342",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0342"
},
{
"name": "RHSA-2017:1839",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1839"
},
{
"name": "99623",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99623"
},
{
"name": "RHSA-2017:2637",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2637"
},
{
"name": "RHSA-2017:3454",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "DSA-4004",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4004"
},
{
"name": "RHSA-2017:3141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3141"
},
{
"name": "RHSA-2017:2633",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2633"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Closed] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Resolved] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E"
},
{
"name": "RHSA-2019:0910",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0910"
},
{
"name": "RHSA-2019:2858",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"name": "RHSA-2019:3149",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20191218 CVE-2017-7525 fix for Solr 7.7.x",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20191218 Re: CVE-2017-7525 fix for Solr 7.7.x",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[debian-lts-announce] 20200824 [SECURITY] [DLA 2342-1] libjackson-json-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/1723"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/1599"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171214-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cwiki.apache.org/confluence/display/WW/S2-055"
},
{
"name": "[spark-issues] 20210223 [jira] [Created] (SPARK-34511) Current Security vulnerabilities in spark libraries",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210927 [jira] [Commented] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210927 [jira] [Updated] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-04-11T00:00:00",
"ID": "CVE-2017-7525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jackson-databind",
"version": {
"version_data": [
{
"version_value": "before 2.6.7.1"
},
{
"version_value": "before 2.7.9.1"
},
{
"version_value": "before 2.8.9"
}
]
}
}
]
},
"vendor_name": "FasterXML"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-184"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040360",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040360"
},
{
"name": "RHSA-2017:1840",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1840"
},
{
"name": "RHSA-2017:2547",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2547"
},
{
"name": "RHSA-2017:1836",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1836"
},
{
"name": "RHSA-2017:1835",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1835"
},
{
"name": "RHSA-2018:1449",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1449"
},
{
"name": "1039744",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039744"
},
{
"name": "1039947",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039947"
},
{
"name": "RHSA-2017:2635",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2635"
},
{
"name": "RHSA-2017:2638",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2638"
},
{
"name": "RHSA-2018:1450",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1450"
},
{
"name": "RHSA-2017:3458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2018:0294",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0294"
},
{
"name": "RHSA-2017:1837",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1837"
},
{
"name": "RHSA-2017:1834",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1834"
},
{
"name": "RHSA-2017:2546",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2546"
},
{
"name": "RHSA-2017:2636",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2636"
},
{
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:2477",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
},
{
"name": "RHSA-2017:3456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "RHSA-2018:0342",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0342"
},
{
"name": "RHSA-2017:1839",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1839"
},
{
"name": "99623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99623"
},
{
"name": "RHSA-2017:2637",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2637"
},
{
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "DSA-4004",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4004"
},
{
"name": "RHSA-2017:3141",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3141"
},
{
"name": "RHSA-2017:2633",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2633"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Closed] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Resolved] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E"
},
{
"name": "RHSA-2019:0910",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0910"
},
{
"name": "RHSA-2019:2858",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"name": "RHSA-2019:3149",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20191218 CVE-2017-7525 fix for Solr 7.7.x",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20191218 Re: CVE-2017-7525 fix for Solr 7.7.x",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[debian-lts-announce] 20200824 [SECURITY] [DLA 2342-1] libjackson-json-java security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/1723",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/1723"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/1599",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/1599"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171214-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171214-0002/"
},
{
"name": "https://cwiki.apache.org/confluence/display/WW/S2-055",
"refsource": "CONFIRM",
"url": "https://cwiki.apache.org/confluence/display/WW/S2-055"
},
{
"name": "[spark-issues] 20210223 [jira] [Created] (SPARK-34511) Current Security vulnerabilities in spark libraries",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210927 [jira] [Commented] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210927 [jira] [Updated] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7525",
"datePublished": "2018-02-06T15:00:00.000Z",
"dateReserved": "2017-04-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:21:29.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-7525",
"date": "2026-05-28",
"epss": "0.82379",
"percentile": "0.99243"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-7525\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-02-06T15:29:00.297\",\"lastModified\":\"2024-11-21T03:32:04.613\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un error de deserializaci\u00f3n en jackson-databind, en versiones anteriores a la 2.6.7.1, 2.7.9.1 y a la 2.8.9, que podr\u00eda permitir que un usuario no autenticado ejecute c\u00f3digo enviando las entradas maliciosamente manipuladas al m\u00e9todo readValue de ObjectMapper.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-184\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.7.1\",\"matchCriteriaId\":\"2BD0008C-1562-400E-9E79-973384BAE68C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.7.9.1\",\"matchCriteriaId\":\"350AD21A-F820-4106-BA80-84595398977D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.8.0\",\"versionEndExcluding\":\"2.8.9\",\"matchCriteriaId\":\"20D21D56-9399-40C1-A187-C0628E71EE56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BDA05E4-4693-4AA0-843B-476059E345CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF988893-BBEE-4BE3-949F-E4B8158B3046\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"54E72B69-4E04-42A3-B532-53E98C6796D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"698C6261-679D-45C1-A396-57AC96AD64D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BD81527-A341-42C3-9AB9-880D3DB04B08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB28F9AF-3D06-4532-B397-96D7E4792503\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B142ACCC-F7A9-4A3B-BE60-0D6691D5058D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1ABA871-3271-48E2-A69C-5AD70AF94E53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88BF3B2C-B121-483A-AEF2-8082F6DA5310\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7117F117-D439-45EB-BB95-397E5E52C9BB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B142ACCC-F7A9-4A3B-BE60-0D6691D5058D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1ABA871-3271-48E2-A69C-5AD70AF94E53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54D669D4-6D7E-449D-80C1-28FA44F06FFE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87326E-0B56-4356-A889-73D026DB1D4B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35AD0C07-9688-4397-8D45-FBB88C0F0C11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8972497F-6E24-45A9-9A18-EB0E842CB1D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"400509A8-D6F2-432C-A2F1-AD5B8778D0D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"132CE62A-FBFC-4001-81EC-35D81F73AF48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7231AF76-3D46-41C4-83E9-6E9E12940BD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_communications_policy_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndIncluding\":\"12.5.2\",\"matchCriteriaId\":\"2914F3C1-E05D-4F70-A87F-D74A7F2AD163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.3\",\"matchCriteriaId\":\"7867B73E-38DD-4333-9D6B-868AAF299ABB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"622B95F1-8FA4-4AA6-9B68-5FE4302BA150\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9615B3B8-B176-4359-97B5-D2E2FEE5BFEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9E97F04-00ED-48E9-AB40-7A02B3419641\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCCE5A11-39E7-4BBB-9E1A-BA4B754103BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5AEC7F5-C353-4CF5-96CE-8C713A2B0C92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDBFC313-007A-427A-A23E-A8ACA726FC8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DF4622A-CDCB-4247-B0C4-6256A3F1D032\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31A03EBE-1A06-4D25-B534-A6B0A9446751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BF30373-5239-4D7D-8FDD-E48668CD7BF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D7C353B-A4D8-44D2-AB6E-8830EA1A4BEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F1CFFE2-56BE-4CD4-9791-3C8B0E3ABE1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:global_lifecycle_management_opatchauto:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.2.0.1.14\",\"matchCriteriaId\":\"C54D621E-E274-47EA-95A4-123B82BD4DD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"B8249A74-C34A-4F66-8F11-F7F50F8813BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D55A54FD-7DD1-49CD-BE81-0BE73990943C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EB08C0-2D46-4635-88DF-E54F6452D3A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"202AD518-2E9B-4062-B063-9858AE1F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FD0EC40-B96B-4E9C-9A81-4E65C4B9512E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6A4F71A-4269-40FC-8F61-1D1301F2B728\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99623\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039744\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039947\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040360\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1834\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1835\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1836\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1837\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1839\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1840\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2477\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2546\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2547\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2633\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2635\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2636\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2637\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2638\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3141\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3454\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3455\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3456\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3458\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0294\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0342\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1449\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1450\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0910\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2858\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3149\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1462702\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://cwiki.apache.org/confluence/display/WW/S2-055\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/1599\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/1723\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20171214-0002/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-4004\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99623\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039947\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040360\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1834\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1835\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1836\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1837\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1839\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1840\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2477\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2546\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2547\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2633\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2636\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2637\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2638\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3141\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3454\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3455\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3458\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0294\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0342\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1449\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0910\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3149\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1462702\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://cwiki.apache.org/confluence/display/WW/S2-055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/1599\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/1723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20171214-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-4004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2026-AVI-0500
Vulnerability from certfr_avis - Published: 2026-04-27 - Updated: 2026-04-27
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Greenplum Platform Extension Framework versions ant\u00e9rieures \u00e0 8.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Lake versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2026-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3449"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2026-22036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22036"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2026-24098",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24098"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2026-24734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
},
{
"name": "CVE-2021-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2026-1527",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2026-41239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41239"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2023-34610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34610"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2026-34486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34486"
},
{
"name": "CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"name": "CVE-2018-1320",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2026-29145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2025-54550",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54550"
},
{
"name": "CVE-2025-54920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54920"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2025-33042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2026-34500",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34500"
},
{
"name": "CVE-2025-9624",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9624"
},
{
"name": "CVE-2026-34043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34043"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"name": "CVE-2026-33671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
},
{
"name": "CVE-2026-33532",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
},
{
"name": "CVE-2025-68470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
},
{
"name": "CVE-2025-67721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67721"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2026-33750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
},
{
"name": "CVE-2025-66236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66236"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2024-57083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57083"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2024-23953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23953"
},
{
"name": "CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2026-41240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
},
{
"name": "CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2025-27821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27821"
},
{
"name": "CVE-2022-41404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41404"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2026-34487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34487"
},
{
"name": "CVE-2025-27555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27555"
},
{
"name": "CVE-2025-65995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65995"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2025-68458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68458"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2026-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2026-25854",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25854"
},
{
"name": "CVE-2021-22573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2026-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2026-33672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2024-56373",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56373"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2026-24733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2025-68157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68157"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2025-68675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68675"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2026-34483",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34483"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2026-33816",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33816"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2026-25219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25219"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2026-31802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2026-04-27T00:00:00",
"last_revision_date": "2026-04-27T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0500",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2026-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37405",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405"
},
{
"published_at": "2026-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37404",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404"
}
]
}
CERTFR-2026-AVI-0556
Vulnerability from certfr_avis - Published: 2026-05-11 - Updated: 2026-05-11
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 31.3.x antérieures à 3.13.15 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Streaming Server For Kubernetes versions antérieures à 1.3.0 | ||
| VMware | Tanzu | Tanzu Data Flow on Kubernetes versions antérieures à 2.1.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.0.x antérieures à 4.0.20 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Backup and Restore versions antérieures à1.33.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Data Copy Utility versions antérieures à 2.9.3 | ||
| VMware | Tanzu | Tanzu for Valkey on Kubernetes versions antérieures à 3.3.4 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Command Center versions 6.17.x antérieures à 6.17.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum on Kubernetes versions antérieures à 1.1.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Platform Extension Framework versions antérieures à 8.0.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.2.x antérieures à 4.2.6 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Text versions antérieures à 4.0.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Streaming Server versions antérieures à 2.3.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.3.x antérieures à 4.3.0 | ||
| VMware | Tanzu | Tanzu for Valkey on Kubernetes versions antérieures à 3.4.0 | ||
| VMware | Tanzu Gemfire | Tanzu GemFire versions antérieures à 10.2.3 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Upgrade versions antérieures à 2.0.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplumversions antérieures à 7.8.0 | ||
| VMware | Tanzu Gemfire | Tanzu GemFire Vector Database versions antérieures à 1.2.2 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum versions antérieures à 6.33.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Command Center versions 7.7.x antérieures à 7.7.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.1.x antérieures à 4.1.11 | ||
| VMware | Tanzu | Tanzu for MySQL on Kubernetes versions antérieures à 2.0.3 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu RabbitMQ on Kubernetes versions 31.3.x ant\u00e9rieures \u00e0 3.13.15",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Streaming Server For Kubernetes versions ant\u00e9rieures \u00e0 1.3.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Flow on Kubernetes versions ant\u00e9rieures \u00e0 2.1.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.0.x ant\u00e9rieures \u00e0 4.0.20",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Backup and Restore versions ant\u00e9rieures \u00e01.33.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Data Copy Utility versions ant\u00e9rieures \u00e0 2.9.3",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for Valkey on Kubernetes versions ant\u00e9rieures \u00e0 3.3.4",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Command Center versions 6.17.x ant\u00e9rieures \u00e0 6.17.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum on Kubernetes versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Platform Extension Framework versions ant\u00e9rieures \u00e0 8.0.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.2.x ant\u00e9rieures \u00e0 4.2.6",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Text versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Streaming Server versions ant\u00e9rieures \u00e0 2.3.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.3.x ant\u00e9rieures \u00e0 4.3.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for Valkey on Kubernetes versions ant\u00e9rieures \u00e0 3.4.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": " Tanzu GemFire versions ant\u00e9rieures \u00e0 10.2.3",
"product": {
"name": "Tanzu Gemfire",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Upgrade versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplumversions ant\u00e9rieures \u00e0 7.8.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Vector Database versions ant\u00e9rieures \u00e0 1.2.2",
"product": {
"name": "Tanzu Gemfire",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 6.33.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Command Center versions 7.7.x ant\u00e9rieures \u00e0 7.7.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.1.x ant\u00e9rieures \u00e0 4.1.11",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for MySQL on Kubernetes versions ant\u00e9rieures \u00e0 2.0.3\n",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"name": "CVE-2025-69534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69534"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2025-3264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3264"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2025-15282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2020-26939",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26939"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2025-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
},
{
"name": "CVE-2026-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4878"
},
{
"name": "CVE-2026-35238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35238"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2026-27205",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27205"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2026-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32990"
},
{
"name": "CVE-2022-30973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30973"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2026-1669",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1669"
},
{
"name": "CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"name": "CVE-2021-27906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27906"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2026-34267",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34267"
},
{
"name": "CVE-2023-50386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50386"
},
{
"name": "CVE-2026-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21936"
},
{
"name": "CVE-2026-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21937"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2016-1000341",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000341"
},
{
"name": "CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"name": "CVE-2026-35239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35239"
},
{
"name": "CVE-2026-3497",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3497"
},
{
"name": "CVE-2025-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
},
{
"name": "CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"name": "CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"name": "CVE-2021-36373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36373"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2026-0897",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0897"
},
{
"name": "CVE-2025-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5197"
},
{
"name": "CVE-2026-34271",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34271"
},
{
"name": "CVE-2019-10094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10094"
},
{
"name": "CVE-2026-24308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24308"
},
{
"name": "CVE-2025-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2026-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3446"
},
{
"name": "CVE-2026-32875",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32875"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2016-1000343",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000343"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"name": "CVE-2022-24613",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24613"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2026-27456",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27456"
},
{
"name": "CVE-2026-22701",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22701"
},
{
"name": "CVE-2026-34270",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34270"
},
{
"name": "CVE-2026-34303",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34303"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2953"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2025-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3933"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2018-8036",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8036"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2022-26612",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26612"
},
{
"name": "CVE-2022-36364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
},
{
"name": "CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2026-22009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22009"
},
{
"name": "CVE-2018-1320",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
},
{
"name": "CVE-2025-13837",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2026-29145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2026-21998",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21998"
},
{
"name": "CVE-2019-17558",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17558"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2026-35469",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35469"
},
{
"name": "CVE-2020-13955",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13955"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2025-15367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15367"
},
{
"name": "CVE-2016-1000346",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000346"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2026-2006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2006"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2026-35236",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35236"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2021-35516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2026-5121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2026-35237",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35237"
},
{
"name": "CVE-2014-0114",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0114"
},
{
"name": "CVE-2026-33236",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33236"
},
{
"name": "CVE-2022-32287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32287"
},
{
"name": "CVE-2026-2005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2005"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2016-1000345",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000345"
},
{
"name": "CVE-2026-24051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24051"
},
{
"name": "CVE-2022-39135",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39135"
},
{
"name": "CVE-2025-33042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
},
{
"name": "CVE-2026-34073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34073"
},
{
"name": "CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2026-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22017"
},
{
"name": "CVE-2022-26336",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26336"
},
{
"name": "CVE-2024-21244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21244"
},
{
"name": "CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2018-1338",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1338"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2021-29262",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29262"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2024-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21503"
},
{
"name": "CVE-2016-1000338",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000338"
},
{
"name": "CVE-2026-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0861"
},
{
"name": "CVE-2026-1703",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1703"
},
{
"name": "CVE-2026-25645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25645"
},
{
"name": "CVE-2026-21860",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21860"
},
{
"name": "CVE-2026-3479",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3479"
},
{
"name": "CVE-2024-52012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52012"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2026-39883",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39883"
},
{
"name": "CVE-2026-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
},
{
"name": "CVE-2019-10088",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10088"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"name": "CVE-2026-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1839"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2026-34515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34515"
},
{
"name": "CVE-2026-5598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
},
{
"name": "CVE-2026-34519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34519"
},
{
"name": "CVE-2018-11797",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11797"
},
{
"name": "CVE-2026-22022",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22022"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2026-34304",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34304"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2026-30922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2024-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21742"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2018-8017",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8017"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2026-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21948"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2017-15691",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15691"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2026-22002",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22002"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2026-34518",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34518"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2016-1000342",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000342"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2018-17197",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17197"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2025-62813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62813"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2026-34308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34308"
},
{
"name": "CVE-2016-1000339",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000339"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2026-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3219"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2023-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50291"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2025-21499",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21499"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2026-27199",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27199"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2020-1945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1945"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2021-23926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23926"
},
{
"name": "CVE-2026-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21964"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2026-22731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22731"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2025-68146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68146"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2025-3730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3730"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2026-34525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34525"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2026-32274",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32274"
},
{
"name": "CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"name": "CVE-2026-35240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35240"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2026-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22004"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2018-1324",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1324"
},
{
"name": "CVE-2025-10158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2026-22001",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22001"
},
{
"name": "CVE-2026-32874",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32874"
},
{
"name": "CVE-2025-3263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3263"
},
{
"name": "CVE-2025-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2026-4539",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4539"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2021-31812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31812"
},
{
"name": "CVE-2026-4519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4519"
},
{
"name": "CVE-2025-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15366"
},
{
"name": "CVE-2025-13462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13462"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2025-6051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6051"
},
{
"name": "CVE-2026-4111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4111"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2025-66034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66034"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2025-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
},
{
"name": "CVE-2026-3298",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3298"
},
{
"name": "CVE-2026-6100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
},
{
"name": "CVE-2026-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21968"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2024-21232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21232"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2024-9823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2026-4224",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4224"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2019-12415",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12415"
},
{
"name": "CVE-2025-8869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8869"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2026-25854",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25854"
},
{
"name": "CVE-2026-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22015"
},
{
"name": "CVE-2025-12817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12817"
},
{
"name": "CVE-2021-22573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
},
{
"name": "CVE-2026-23949",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23949"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2026-1519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1519"
},
{
"name": "CVE-2026-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
},
{
"name": "CVE-2025-31672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
},
{
"name": "CVE-2018-11761",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11761"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2018-11771",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11771"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2018-1335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1335"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2026-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0915"
},
{
"name": "CVE-2025-15281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15281"
},
{
"name": "CVE-2025-21493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21493"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2018-11762",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11762"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2026-22733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22733"
},
{
"name": "CVE-2026-2297",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2297"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2026-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22005"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2016-1000340",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000340"
},
{
"name": "CVE-2026-34516",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34516"
},
{
"name": "CVE-2026-1299",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1299"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2018-12023",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12023"
},
{
"name": "CVE-2026-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3644"
},
{
"name": "CVE-2026-27140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27140"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-29129",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29129"
},
{
"name": "CVE-2022-31159",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31159"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2026-34517",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34517"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2020-15522",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15522"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2018-1339",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1339"
},
{
"name": "CVE-2016-1000352",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000352"
},
{
"name": "CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-14009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14009"
},
{
"name": "CVE-2025-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2026-34278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34278"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2026-34513",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34513"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2026-2003",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2003"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"name": "CVE-2026-34514",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34514"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2025-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
},
{
"name": "CVE-2019-10086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-2099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2099"
},
{
"name": "CVE-2025-1194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1194"
},
{
"name": "CVE-2025-6638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6638"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2025-14819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2026-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2016-1000344",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000344"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2017-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3164"
},
{
"name": "CVE-2026-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41066"
},
{
"name": "CVE-2026-34520",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34520"
},
{
"name": "CVE-2025-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2026-24880",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24880"
},
{
"name": "CVE-2021-35515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
},
{
"name": "CVE-2026-33816",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33816"
},
{
"name": "CVE-2026-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2004"
},
{
"name": "CVE-2026-0672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0672"
},
{
"name": "CVE-2017-7669",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7669"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2017-8806",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8806"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2019-0193",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0193"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2026-33231",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33231"
},
{
"name": "CVE-2022-30126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30126"
},
{
"name": "CVE-2025-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2018-1000180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180"
},
{
"name": "CVE-2025-6921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6921"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2026-34276",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34276"
},
{
"name": "CVE-2022-24614",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24614"
},
{
"name": "CVE-2026-22815",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22815"
},
{
"name": "CVE-2020-13959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13959"
},
{
"name": "CVE-2025-24814",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24814"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2020-11979",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11979"
},
{
"name": "CVE-2025-67221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67221"
},
{
"name": "CVE-2024-21243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21243"
},
{
"name": "CVE-2026-33230",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33230"
},
{
"name": "CVE-2021-31811",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31811"
},
{
"name": "CVE-2021-27807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27807"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2026-24281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24281"
},
{
"name": "CVE-2026-1462",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1462"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2022-25168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
},
{
"name": "CVE-2026-34293",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34293"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2018-11802",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11802"
},
{
"name": "CVE-2025-3777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3777"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"name": "CVE-2018-11796",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11796"
},
{
"name": "CVE-2020-13957",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13957"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2018-1000632",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000632"
},
{
"name": "CVE-2026-0846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0846"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2026-05-11T00:00:00",
"last_revision_date": "2026-05-11T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0556",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37451",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37451"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37445",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37445"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37460",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37460"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37449",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37449"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37450",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37450"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37466",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37466"
},
{
"published_at": "2026-05-08",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37468",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37468"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37444",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37444"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37461",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37461"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2016-11",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37459"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37446",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37446"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37465",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37465"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37448",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37448"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37447",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37447"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37463",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37463"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37452",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37452"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37462",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37462"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37464",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37464"
}
]
}
CERTFR-2026-AVI-0627
Vulnerability from certfr_avis - Published: 2026-05-21 - Updated: 2026-05-21
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.2.x antérieures à 10.2.3 | ||
| Splunk | N/A | Splunk AI Toolkit versions 5.7.x antérieures à 5.7.3 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.129 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.3.2512 antérieures à 10.3.2512.9 | ||
| Splunk | Splunk | image Docker Splunk versions 10.2.x antérieures à 10.2.2 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.4.2603 antérieures à 10.4.2603.1 | ||
| Splunk | Splunk AppDynamics Database Agent | Splunk AppDynamics Database Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk | image Docker Splunk versions 9.4.x antérieures à 9.4.10 | ||
| Splunk | Splunk User Behavior Analytics (UBA) | Splunk User Behavior Analytics versions 5.4.x antérieures à 5.4.5 | ||
| Splunk | Splunk AppDynamics Private Synthetic Agent | Splunk AppDynamics Private Synthetic Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk AppDynamics Analytics Agent | Splunk AppDynamics Analytics Agent versions antérieures à 26.4.0 | ||
| Splunk | N/A | Splunk AppDynamics Cluster Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk AppDynamics Machine Agent | Splunk AppDynamics Machine Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.2.2510 antérieures à 10.2.2510.11 | ||
| Splunk | N/A | Splunk AppDynamics Python Agent versions antérieures à 26.4.1 | ||
| Splunk | Splunk | image Docker Splunk versions 10.0.x antérieures à 10.0.5 | ||
| Splunk | N/A | Splunk Add-on for Tomcat versions 3.3.x antérieures à 3.3.1 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.1.2507 antérieures à 10.1.2507.21 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.0.x antérieures à 10.0.6 | ||
| Splunk | N/A | Splunk AppDynamics Apache Web Server Agent versions 25.11.x antérieures à 25.11.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.4.x antérieures à 9.4.11 | ||
| Splunk | Splunk | image Docker Splunk versions 9.3.x antérieures à 9.3.11 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.0.2503 antérieures à 10.0.2503.13 | ||
| Splunk | Universal Forwarder | Splunk Universal Forwarder versions 9.4.x antérieures à 9.4.11 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.3.x antérieures à 9.3.12 | ||
| Splunk | Splunk AppDynamics Java Agent | Splunk AppDynamics Java Agent versions antérieures à 26.4.0 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Enterprise versions 10.2.x ant\u00e9rieures \u00e0 10.2.3",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AI Toolkit versions 5.7.x ant\u00e9rieures \u00e0 5.7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.129",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.3.2512 ant\u00e9rieures \u00e0 10.3.2512.9",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 10.2.x ant\u00e9rieures \u00e0 10.2.2",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.4.2603 ant\u00e9rieures \u00e0 10.4.2603.1",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Database Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Database Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 9.4.x ant\u00e9rieures \u00e0 9.4.10",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk User Behavior Analytics versions 5.4.x ant\u00e9rieures \u00e0 5.4.5",
"product": {
"name": "Splunk User Behavior Analytics (UBA)",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Private Synthetic Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Private Synthetic Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Analytics Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Analytics Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Cluster Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Machine Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Machine Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.2.2510 ant\u00e9rieures \u00e0 10.2.2510.11",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Python Agent versions ant\u00e9rieures \u00e0 26.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 10.0.x ant\u00e9rieures \u00e0 10.0.5",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Add-on for Tomcat versions 3.3.x ant\u00e9rieures \u00e0 3.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.1.2507 ant\u00e9rieures \u00e0 10.1.2507.21",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.6",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Apache Web Server Agent versions 25.11.x ant\u00e9rieures \u00e0 25.11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.11",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 9.3.x ant\u00e9rieures \u00e0 9.3.11",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.0.2503 ant\u00e9rieures \u00e0 10.0.2503.13",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarder versions 9.4.x ant\u00e9rieures \u00e0 9.4.11",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.12",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Java Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Java Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-58436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2026-32777",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32777"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2024-5321",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5321"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2026-41324",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41324"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2026-42308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42308"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-29775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29775"
},
{
"name": "CVE-2026-3543",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3543"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2025-15282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2025-68384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68384"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"name": "CVE-2026-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"name": "CVE-2026-42309",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42309"
},
{
"name": "CVE-2023-49082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49082"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"name": "CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-29774",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29774"
},
{
"name": "CVE-2025-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28164"
},
{
"name": "CVE-2026-3540",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3540"
},
{
"name": "CVE-2024-10220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10220"
},
{
"name": "CVE-2024-45339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2025-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"name": "CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"name": "CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"name": "CVE-2022-45868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45868"
},
{
"name": "CVE-2025-69223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2026-34876",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34876"
},
{
"name": "CVE-2025-4432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4432"
},
{
"name": "CVE-2023-5590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5590"
},
{
"name": "CVE-2025-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2026-27456",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27456"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-58060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58060"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2026-1605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1605"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2026-3061",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3061"
},
{
"name": "CVE-2026-27171",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27171"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2026-3731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3731"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2026-35469",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35469"
},
{
"name": "CVE-2026-3062",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3062"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2026-1861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1861"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2251"
},
{
"name": "CVE-2026-25833",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25833"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-49844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49844"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2026-22690",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22690"
},
{
"name": "CVE-2025-55130",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55130"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2021-35516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
},
{
"name": "CVE-2026-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3544"
},
{
"name": "CVE-2024-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12084"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2026-2648",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2648"
},
{
"name": "CVE-2023-47627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
},
{
"name": "CVE-2026-40200",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40200"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2026-27025",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27025"
},
{
"name": "CVE-2025-55131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55131"
},
{
"name": "CVE-2026-32778",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32778"
},
{
"name": "CVE-2026-5121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"name": "CVE-2024-41996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-59465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59465"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2026-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21715"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2026-34073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34073"
},
{
"name": "CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2026-25834",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25834"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2026-3537",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3537"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-69225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69225"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-27024",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27024"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2026-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
},
{
"name": "CVE-2025-67030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67030"
},
{
"name": "CVE-2026-34877",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34877"
},
{
"name": "CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2026-28389",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
},
{
"name": "CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2026-34875",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34875"
},
{
"name": "CVE-2026-21717",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21717"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-69227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69227"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2026-34478",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34478"
},
{
"name": "CVE-2026-33055",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33055"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"name": "CVE-2017-7658",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7658"
},
{
"name": "CVE-2026-27699",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27699"
},
{
"name": "CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"name": "CVE-2025-47911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
},
{
"name": "CVE-2025-28162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28162"
},
{
"name": "CVE-2023-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22946"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2025-13151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2026-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21716"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2024-53899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53899"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2026-28351",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28351"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-14174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2024-30251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30251"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2026-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2650"
},
{
"name": "CVE-2026-3541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3541"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2026-3539",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3539"
},
{
"name": "CVE-2026-34874",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34874"
},
{
"name": "CVE-2026-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21712"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2024-27306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2024-8775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8775"
},
{
"name": "CVE-2026-3538",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3538"
},
{
"name": "CVE-2025-55159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55159"
},
{
"name": "CVE-2025-55132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55132"
},
{
"name": "CVE-2026-22702",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22702"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2025-68390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68390"
},
{
"name": "CVE-2024-11079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11079"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2026-25210",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25210"
},
{
"name": "CVE-2026-28387",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28387"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2026-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28388"
},
{
"name": "CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"name": "CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2026-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21714"
},
{
"name": "CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2026-4111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4111"
},
{
"name": "CVE-2026-24515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
},
{
"name": "CVE-2024-26130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2026-2441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2441"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2025-69228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69228"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2025-27553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27553"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2026-27888",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27888"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2026-33056",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33056"
},
{
"name": "CVE-2026-25835",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25835"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2017-7657",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7657"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2026-0965",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0965"
},
{
"name": "CVE-2020-36242",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2022-40023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40023"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2026-34872",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34872"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2026-3542",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3542"
},
{
"name": "CVE-2023-49081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49081"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2026-34871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34871"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-69226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69226"
},
{
"name": "CVE-2026-3536",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3536"
},
{
"name": "CVE-2026-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2024-32650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32650"
},
{
"name": "CVE-2026-34873",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34873"
},
{
"name": "CVE-2026-6042",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6042"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2026-0967",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0967"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-59466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59466"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2026-21713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21713"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2018-12023",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12023"
},
{
"name": "CVE-2026-0968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0968"
},
{
"name": "CVE-2026-27140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27140"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2024-52304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52304"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2023-5408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5408"
},
{
"name": "CVE-2025-69277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69277"
},
{
"name": "CVE-2026-25541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25541"
},
{
"name": "CVE-2026-31789",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31789"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2026-42311",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42311"
},
{
"name": "CVE-2026-20239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20239"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2026-3063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3063"
},
{
"name": "CVE-2019-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0210"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2024-27308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27308"
},
{
"name": "CVE-2026-42310",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42310"
},
{
"name": "CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"name": "CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"name": "CVE-2026-20240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20240"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"name": "CVE-2025-66566",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66566"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2017-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7656"
},
{
"name": "CVE-2026-27026",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27026"
},
{
"name": "CVE-2026-2673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2673"
},
{
"name": "CVE-2018-20225",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
},
{
"name": "CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"name": "CVE-2025-14819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2026-1584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1584"
},
{
"name": "CVE-2026-20238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20238"
},
{
"name": "CVE-2024-23829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23829"
},
{
"name": "CVE-2025-59464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59464"
},
{
"name": "CVE-2025-30153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30153"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2025-69229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69229"
},
{
"name": "CVE-2021-35515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
},
{
"name": "CVE-2026-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3545"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2026-28804",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28804"
},
{
"name": "CVE-2026-34477",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34477"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2026-2649",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2649"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2025-37731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37731"
},
{
"name": "CVE-2026-24688",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24688"
},
{
"name": "CVE-2026-32776",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32776"
},
{
"name": "CVE-2025-12183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12183"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2026-22691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22691"
},
{
"name": "CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"name": "CVE-2024-23334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23334"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2026-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2026-05-21T00:00:00",
"last_revision_date": "2026-05-21T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0627",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0512",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0512"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0513",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0513"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0509",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0509"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0510",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0510"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0505",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0505"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0515",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0515"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0507",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0507"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0506",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0506"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0508",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0508"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0504",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0504"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0514",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0514"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0516",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0516"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0501",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0501"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0503",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0503"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0511",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0511"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0502",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0502"
}
]
}
CNVD-2017-27693
Vulnerability from cnvd - Published: 2017-09-21
VLAI
Title
FasterXML Jackson-databind远程代码执行漏洞
Description
FasterXML Jackson是美国FasterXML公司的一款用于Java的数据处理工具。Jackson-databind是其中的一个具有数据绑定功能的组件。
FasterXML Jackson-databind中存在远程代码执行漏洞。攻击者可利用该漏洞在受影响的应用程序上下文中执行任意代码或造成拒绝服务。
Severity
高
Formal description
厂商尚未提供漏洞修复方案,请关注厂商主页更新: http://wiki.fasterxml.com/JacksonHome
Reference
http://www.securityfocus.com/bid/99623
Impacted products
| Name | ['FasterXML FasterXML', 'FasterXML jackson-databind 2.8.9', 'FasterXML jackson-databind 2.8.8', 'FasterXML jackson-databind 2.8.7', 'FasterXML jackson-databind 2.8.8.1', 'FasterXML jackson-databind 2.7.9.1', 'FasterXML jackson-databind 2.6.7.1'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "99623"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2017-7525"
}
},
"description": "FasterXML Jackson\u662f\u7f8e\u56fdFasterXML\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8eJava\u7684\u6570\u636e\u5904\u7406\u5de5\u5177\u3002Jackson-databind\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5177\u6709\u6570\u636e\u7ed1\u5b9a\u529f\u80fd\u7684\u7ec4\u4ef6\u3002\r\n\r\nFasterXML Jackson-databind\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Liao Xinxi (NSFOCUS)",
"formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttp://wiki.fasterxml.com/JacksonHome",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-27693",
"openTime": "2017-09-21",
"products": {
"product": [
"FasterXML FasterXML",
"FasterXML jackson-databind 2.8.9",
"FasterXML jackson-databind 2.8.8",
"FasterXML jackson-databind 2.8.7",
"FasterXML jackson-databind 2.8.8.1",
"FasterXML jackson-databind 2.7.9.1",
"FasterXML jackson-databind 2.6.7.1"
]
},
"referenceLink": "http://www.securityfocus.com/bid/99623",
"serverity": "\u9ad8",
"submitTime": "2017-08-01",
"title": "FasterXML Jackson-databind\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}
FKIE_CVE-2017-7525
Vulnerability from fkie_nvd - Published: 2018-02-06 15:29 - Updated: 2024-11-21 03:32
Severity
Summary
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | Patch, Third Party Advisory | |
| secalert@redhat.com | http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | Patch, Third Party Advisory | |
| secalert@redhat.com | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | Patch, Third Party Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/99623 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securitytracker.com/id/1039744 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securitytracker.com/id/1039947 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securitytracker.com/id/1040360 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:1834 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:1835 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:1836 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:1837 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:1839 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:1840 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2477 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2546 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2547 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2633 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2635 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2636 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2637 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2638 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:3141 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:3454 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:3455 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:3456 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:3458 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:0294 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:0342 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:1449 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:1450 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:0910 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2858 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:3149 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1462702 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://cwiki.apache.org/confluence/display/WW/S2-055 | Third Party Advisory | |
| secalert@redhat.com | https://github.com/FasterXML/jackson-databind/issues/1599 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://github.com/FasterXML/jackson-databind/issues/1723 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E | ||
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20171214-0002/ | Third Party Advisory | |
| secalert@redhat.com | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us | Third Party Advisory | |
| secalert@redhat.com | https://www.debian.org/security/2017/dsa-4004 | Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/security-alerts/cpuoct2020.html | Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | Patch, Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99623 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039744 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039947 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040360 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:1834 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:1835 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:1836 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:1837 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:1839 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:1840 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2477 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2546 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2547 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2633 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2635 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2636 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2637 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2638 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3141 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3454 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3455 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3456 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3458 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:0294 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:0342 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:1449 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:1450 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0910 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2858 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3149 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1462702 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwiki.apache.org/confluence/display/WW/S2-055 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FasterXML/jackson-databind/issues/1599 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FasterXML/jackson-databind/issues/1723 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20171214-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-4004 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2020.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fasterxml | jackson-databind | * | |
| fasterxml | jackson-databind | * | |
| fasterxml | jackson-databind | * | |
| fasterxml | jackson-databind | 2.9.0 | |
| fasterxml | jackson-databind | 2.9.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| netapp | oncommand_balance | - | |
| netapp | oncommand_performance_manager | - | |
| netapp | oncommand_performance_manager | - | |
| netapp | oncommand_shift | - | |
| netapp | snapcenter | - | |
| redhat | openshift_container_platform | 4.1 | |
| redhat | virtualization | 4.0 | |
| redhat | virtualization_host | 4.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | jboss_enterprise_application_platform | 6.0.0 | |
| redhat | jboss_enterprise_application_platform | 6.4.0 | |
| redhat | jboss_enterprise_application_platform | 7.0 | |
| redhat | jboss_enterprise_application_platform | 7.1 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | jboss_enterprise_application_platform | 6.0.0 | |
| redhat | jboss_enterprise_application_platform | 6.4.0 | |
| redhat | enterprise_linux_server | 5.0 | |
| redhat | openshift_container_platform | 3.11 | |
| oracle | banking_platform | 2.5.0 | |
| oracle | banking_platform | 2.6.0 | |
| oracle | banking_platform | 2.6.1 | |
| oracle | banking_platform | 2.6.2 | |
| oracle | communications_billing_and_revenue_management | 7.5 | |
| oracle | communications_billing_and_revenue_management | 12.0 | |
| oracle | communications_communications_policy_management | * | |
| oracle | communications_diameter_signaling_route | * | |
| oracle | communications_instant_messaging_server | 10.0.1 | |
| oracle | communications_instant_messaging_server | 10.0.1.2.0 | |
| oracle | enterprise_manager_for_virtualization | 13.2.2 | |
| oracle | enterprise_manager_for_virtualization | 13.2.3 | |
| oracle | enterprise_manager_for_virtualization | 13.3.1 | |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.2.0.0 | |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.3.0.0 | |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.4.0.0 | |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.5.0.0 | |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.6.0.0 | |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.7.0.0 | |
| oracle | global_lifecycle_management_opatchauto | * | |
| oracle | primavera_unifier | * | |
| oracle | primavera_unifier | 16.1 | |
| oracle | primavera_unifier | 16.2 | |
| oracle | primavera_unifier | 18.8 | |
| oracle | utilities_advanced_spatial_and_operational_analytics | 2.7.0.1 | |
| oracle | webcenter_portal | 12.2.1.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD0008C-1562-400E-9E79-973384BAE68C",
"versionEndExcluding": "2.6.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "350AD21A-F820-4106-BA80-84595398977D",
"versionEndExcluding": "2.7.9.1",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20D21D56-9399-40C1-A187-C0628E71EE56",
"versionEndExcluding": "2.8.9",
"versionStartIncluding": "2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease1:*:*:*:*:*:*",
"matchCriteriaId": "0BDA05E4-4693-4AA0-843B-476059E345CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease2:*:*:*:*:*:*",
"matchCriteriaId": "CF988893-BBEE-4BE3-949F-E4B8158B3046",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:linux:*:*",
"matchCriteriaId": "54E72B69-4E04-42A3-B532-53E98C6796D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1ABA871-3271-48E2-A69C-5AD70AF94E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88BF3B2C-B121-483A-AEF2-8082F6DA5310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7117F117-D439-45EB-BB95-397E5E52C9BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1ABA871-3271-48E2-A69C-5AD70AF94E53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35AD0C07-9688-4397-8D45-FBB88C0F0C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8972497F-6E24-45A9-9A18-EB0E842CB1D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "400509A8-D6F2-432C-A2F1-AD5B8778D0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7231AF76-3D46-41C4-83E9-6E9E12940BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_communications_policy_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2914F3C1-E05D-4F70-A87F-D74A7F2AD163",
"versionEndIncluding": "12.5.2",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7867B73E-38DD-4333-9D6B-868AAF299ABB",
"versionEndExcluding": "8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "622B95F1-8FA4-4AA6-9B68-5FE4302BA150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9615B3B8-B176-4359-97B5-D2E2FEE5BFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E97F04-00ED-48E9-AB40-7A02B3419641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCCE5A11-39E7-4BBB-9E1A-BA4B754103BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5AEC7F5-C353-4CF5-96CE-8C713A2B0C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBFC313-007A-427A-A23E-A8ACA726FC8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF4622A-CDCB-4247-B0C4-6256A3F1D032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31A03EBE-1A06-4D25-B534-A6B0A9446751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF30373-5239-4D7D-8FDD-E48668CD7BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7C353B-A4D8-44D2-AB6E-8830EA1A4BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1CFFE2-56BE-4CD4-9791-3C8B0E3ABE1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatchauto:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C54D621E-E274-47EA-95A4-123B82BD4DD9",
"versionEndExcluding": "12.2.0.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8249A74-C34A-4F66-8F11-F7F50F8813BF",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD0EC40-B96B-4E9C-9A81-4E65C4B9512E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper."
},
{
"lang": "es",
"value": "Se ha descubierto un error de deserializaci\u00f3n en jackson-databind, en versiones anteriores a la 2.6.7.1, 2.7.9.1 y a la 2.8.9, que podr\u00eda permitir que un usuario no autenticado ejecute c\u00f3digo enviando las entradas maliciosamente manipuladas al m\u00e9todo readValue de ObjectMapper."
}
],
"id": "CVE-2017-7525",
"lastModified": "2024-11-21T03:32:04.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-06T15:29:00.297",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99623"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039744"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039947"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040360"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1834"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1835"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1836"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1837"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1839"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1840"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2546"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2547"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2633"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2635"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2636"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2637"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2638"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3141"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0294"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0342"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1449"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1450"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0910"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cwiki.apache.org/confluence/display/WW/S2-055"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/1599"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/1723"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171214-0002/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4004"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cwiki.apache.org/confluence/display/WW/S2-055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/1599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/1723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171214-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-184"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-QXXX-2PP7-5HMX
Vulnerability from github – Published: 2018-10-16 17:21 – Updated: 2024-03-01 21:41
VLAI
Summary
jackson-databind is vulnerable to a deserialization flaw
Details
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
Severity
9.8 (Critical)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.6.7.0"
},
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.core:jackson-databind"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.7.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.7.9.0"
},
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.core:jackson-databind"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.core:jackson-databind"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-7525"
],
"database_specific": {
"cwe_ids": [
"CWE-184",
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:53:14Z",
"nvd_published_at": "2018-02-06T15:29:00Z",
"severity": "CRITICAL"
},
"details": "A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.",
"id": "GHSA-qxxx-2pp7-5hmx",
"modified": "2024-03-01T21:41:47Z",
"published": "2018-10-16T17:21:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/issues/1723"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/issues/1599"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/fd8dec2c7fab8b4b4bd60502a0f1d63ec23c24da"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/fa87c1ddbe803ebb7295f5c2ebfe38e12f6e6162"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/3bfbb835e530055c1941ddf87fde0b08d08dcd38"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/680d75b011edd67a2d2a2e9980998a968194c2ef"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/6ce32ffd18facac6abdbbf559c817b47fcb622c1"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/90042692085deeb05ae75c569c9909f7dba24415"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-qxxx-2pp7-5hmx"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-4004"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20171214-0002"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1834"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1835"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1836"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1837"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1839"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1840"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2546"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2547"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2633"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2635"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2636"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2637"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2638"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3141"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0294"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0342"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1449"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1450"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0910"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"type": "WEB",
"url": "https://cwiki.apache.org/confluence/display/WW/S2-055"
},
{
"type": "PACKAGE",
"url": "https://github.com/FasterXML/jackson-databind"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "jackson-databind is vulnerable to a deserialization flaw"
}
GSD-2017-7525
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-7525",
"description": "A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.",
"id": "GSD-2017-7525",
"references": [
"https://www.suse.com/security/cve/CVE-2017-7525.html",
"https://www.debian.org/security/2017/dsa-4004",
"https://access.redhat.com/errata/RHSA-2019:3149",
"https://access.redhat.com/errata/RHSA-2019:2858",
"https://access.redhat.com/errata/RHSA-2019:0910",
"https://access.redhat.com/errata/RHSA-2018:1450",
"https://access.redhat.com/errata/RHSA-2018:1449",
"https://access.redhat.com/errata/RHSA-2018:0342",
"https://access.redhat.com/errata/RHSA-2018:0294",
"https://access.redhat.com/errata/RHSA-2017:3458",
"https://access.redhat.com/errata/RHSA-2017:3456",
"https://access.redhat.com/errata/RHSA-2017:3455",
"https://access.redhat.com/errata/RHSA-2017:3454",
"https://access.redhat.com/errata/RHSA-2017:3141",
"https://access.redhat.com/errata/RHSA-2017:2638",
"https://access.redhat.com/errata/RHSA-2017:2637",
"https://access.redhat.com/errata/RHSA-2017:2636",
"https://access.redhat.com/errata/RHSA-2017:2635",
"https://access.redhat.com/errata/RHSA-2017:2633",
"https://access.redhat.com/errata/RHSA-2017:2547",
"https://access.redhat.com/errata/RHSA-2017:2546",
"https://access.redhat.com/errata/RHSA-2017:2477",
"https://access.redhat.com/errata/RHSA-2017:1840",
"https://access.redhat.com/errata/RHSA-2017:1839",
"https://access.redhat.com/errata/RHSA-2017:1837",
"https://access.redhat.com/errata/RHSA-2017:1836",
"https://access.redhat.com/errata/RHSA-2017:1835",
"https://access.redhat.com/errata/RHSA-2017:1834",
"https://ubuntu.com/security/CVE-2017-7525",
"https://advisories.mageia.org/CVE-2017-7525.html",
"https://packetstormsecurity.com/files/cve/CVE-2017-7525"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-7525"
],
"details": "A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.",
"id": "GSD-2017-7525",
"modified": "2023-12-13T01:21:07.156961Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-04-11T00:00:00",
"ID": "CVE-2017-7525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jackson-databind",
"version": {
"version_data": [
{
"version_value": "before 2.6.7.1"
},
{
"version_value": "before 2.7.9.1"
},
{
"version_value": "before 2.8.9"
}
]
}
}
]
},
"vendor_name": "FasterXML"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-184"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040360",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040360"
},
{
"name": "RHSA-2017:1840",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1840"
},
{
"name": "RHSA-2017:2547",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2547"
},
{
"name": "RHSA-2017:1836",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1836"
},
{
"name": "RHSA-2017:1835",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1835"
},
{
"name": "RHSA-2018:1449",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1449"
},
{
"name": "1039744",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039744"
},
{
"name": "1039947",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039947"
},
{
"name": "RHSA-2017:2635",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2635"
},
{
"name": "RHSA-2017:2638",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2638"
},
{
"name": "RHSA-2018:1450",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1450"
},
{
"name": "RHSA-2017:3458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2018:0294",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0294"
},
{
"name": "RHSA-2017:1837",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1837"
},
{
"name": "RHSA-2017:1834",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1834"
},
{
"name": "RHSA-2017:2546",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2546"
},
{
"name": "RHSA-2017:2636",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2636"
},
{
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:2477",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
},
{
"name": "RHSA-2017:3456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "RHSA-2018:0342",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0342"
},
{
"name": "RHSA-2017:1839",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1839"
},
{
"name": "99623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99623"
},
{
"name": "RHSA-2017:2637",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2637"
},
{
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "DSA-4004",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4004"
},
{
"name": "RHSA-2017:3141",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3141"
},
{
"name": "RHSA-2017:2633",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2633"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Closed] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Resolved] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E"
},
{
"name": "RHSA-2019:0910",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0910"
},
{
"name": "RHSA-2019:2858",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"name": "RHSA-2019:3149",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20191218 CVE-2017-7525 fix for Solr 7.7.x",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20191218 Re: CVE-2017-7525 fix for Solr 7.7.x",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[debian-lts-announce] 20200824 [SECURITY] [DLA 2342-1] libjackson-json-java security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/1723",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/1723"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/1599",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/1599"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171214-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171214-0002/"
},
{
"name": "https://cwiki.apache.org/confluence/display/WW/S2-055",
"refsource": "CONFIRM",
"url": "https://cwiki.apache.org/confluence/display/WW/S2-055"
},
{
"name": "[spark-issues] 20210223 [jira] [Created] (SPARK-34511) Current Security vulnerabilities in spark libraries",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210927 [jira] [Commented] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210927 [jira] [Updated] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[2.6.0,2.6.7.1),[2.7.0,2.7.9.1),[2.8.0,2.8.9)",
"affected_versions": "All versions starting from 2.6.0 before 2.6.7.1, all versions starting from 2.7.0 before 2.7.9.1, all versions starting from 2.8.0 before 2.8.9",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-184",
"CWE-937"
],
"date": "2019-09-27",
"description": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the `readValue` method of the `ObjectMapper`.",
"fixed_versions": [
"2.6.7.1",
"2.7.9.1",
"2.8.9"
],
"identifier": "CVE-2017-7525",
"identifiers": [
"CVE-2017-7525"
],
"not_impacted": "All versions before 2.6.0, all versions starting from 2.6.7.1 before 2.7.0, all versions starting from 2.7.9.1 before 2.8.0, all versions starting from 2.8.9",
"package_slug": "maven/com.fasterxml.jackson.core/jackson-databind",
"pubdate": "2018-02-06",
"solution": "Upgrade to versions 2.6.7.1, 2.7.9.1, 2.8.9 or above.",
"title": "Deserialization of Untrusted Data",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2017-7525",
"http://www.securityfocus.com/bid/99623",
"http://www.securitytracker.com/id/1039744",
"http://www.securitytracker.com/id/1039947",
"http://www.securitytracker.com/id/1040360",
"https://bugzilla.redhat.com/show_bug.cgi?id=1462702",
"https://github.com/FasterXML/jackson-databind/issues/1599",
"https://github.com/FasterXML/jackson-databind/issues/1723",
"https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"https://github.com/FasterXML/jackson-databind/issues/1737"
],
"uuid": "17a47c7d-f4a7-4a86-81ea-d9d0be49247c"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.9",
"versionStartIncluding": "2.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7.9.1",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:linux:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_communications_policy_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.5.2",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatchauto:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.2.0.1.14",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7525"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-184"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FasterXML/jackson-databind/issues/1599",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/1599"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/1723",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/1723"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"name": "DSA-4004",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4004"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171214-0002/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171214-0002/"
},
{
"name": "RHSA-2017:3458",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2017:3456",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "RHSA-2017:3141",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3141"
},
{
"name": "RHSA-2017:2638",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2638"
},
{
"name": "RHSA-2017:2637",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2637"
},
{
"name": "RHSA-2017:2636",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2636"
},
{
"name": "RHSA-2017:2635",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2635"
},
{
"name": "RHSA-2017:2633",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2633"
},
{
"name": "RHSA-2017:2547",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2547"
},
{
"name": "RHSA-2017:2546",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2546"
},
{
"name": "RHSA-2017:2477",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
},
{
"name": "RHSA-2017:1840",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1840"
},
{
"name": "RHSA-2017:1839",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1839"
},
{
"name": "RHSA-2017:1837",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1837"
},
{
"name": "RHSA-2017:1836",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1836"
},
{
"name": "RHSA-2017:1835",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1835"
},
{
"name": "RHSA-2017:1834",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1834"
},
{
"name": "1039947",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039947"
},
{
"name": "1039744",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039744"
},
{
"name": "99623",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99623"
},
{
"name": "https://cwiki.apache.org/confluence/display/WW/S2-055",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cwiki.apache.org/confluence/display/WW/S2-055"
},
{
"name": "RHSA-2018:0294",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0294"
},
{
"name": "1040360",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040360"
},
{
"name": "RHSA-2018:0342",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0342"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "RHSA-2018:1450",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1450"
},
{
"name": "RHSA-2018:1449",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1449"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "[lucene-dev] 20190325 [jira] [Closed] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Resolved] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "RHSA-2019:0910",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0910"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "RHSA-2019:2858",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"name": "RHSA-2019:3149",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20191218 CVE-2017-7525 fix for Solr 7.7.x",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20191218 Re: CVE-2017-7525 fix for Solr 7.7.x",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
},
{
"name": "[debian-lts-announce] 20200824 [SECURITY] [DLA 2342-1] libjackson-json-java security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "[spark-issues] 20210223 [jira] [Created] (SPARK-34511) Current Security vulnerabilities in spark libraries",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210927 [jira] [Commented] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210927 [jira] [Updated] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-06-08T17:57Z",
"publishedDate": "2018-02-06T15:29Z"
}
}
}
RHSA-2017:1834
Vulnerability from csaf_redhat - Published: 2017-07-31 14:59 - Updated: 2026-05-11 13:49Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.0.7 on RHEL 6
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 7.0.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.6, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References.
Security Fix(es):
* A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)
* It was found that use of a JMS ObjectMessage does not safely handle user-supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the JMS ObjectMessage. (CVE-2016-4978)
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.
6.6 (Medium)
Affected products
Fixed
69 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
8.1 (High)
Affected products
Fixed
69 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
17 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2017:1834 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/documentation/en/red-ha… | external |
| https://access.redhat.com/documentation/en/red-ha… | external |
| https://access.redhat.com/documentation/en/jboss-… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1379207 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1462702 | external |
| https://issues.redhat.com/browse/JBEAP-9464 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2016-4978 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1379207 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-4978 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-4978 | external |
| https://access.redhat.com/security/cve/CVE-2017-7525 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1462702 | external |
| https://www.cve.org/CVERecord?id=CVE-2017-7525 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2017-7525 | external |
Acknowledgments
NSFOCUS
Liao Xinxi
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.0.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.6, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References.\n\nSecurity Fix(es):\n\n* A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)\n\n* It was found that use of a JMS ObjectMessage does not safely handle user-supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the JMS ObjectMessage. (CVE-2016-4978)\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:1834",
"url": "https://access.redhat.com/errata/RHSA-2017:1834"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/",
"url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
},
{
"category": "external",
"summary": "1379207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207"
},
{
"category": "external",
"summary": "1462702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"category": "external",
"summary": "JBEAP-9464",
"url": "https://issues.redhat.com/browse/JBEAP-9464"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1834.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.0.7 on RHEL 6",
"tracking": {
"current_release_date": "2026-05-11T13:49:10+00:00",
"generator": {
"date": "2026-05-11T13:49:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2017:1834",
"initial_release_date": "2017-07-31T14:59:10+00:00",
"revision_history": [
{
"date": "2017-07-31T14:59:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-07-31T14:59:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-11T13:49:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@1.1.0-18.SP21_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@1.1.0-18.SP21_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@1.1.0-18.SP21_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.1.0-18.SP21_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@1.1.0-18.SP21_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@1.1.0-18.SP21_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@1.1.0-18.SP21_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.1.0-18.SP21_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@1.1.0-18.SP21_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@1.1.0-18.SP21_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@1.1.0-18.SP21_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@1.1.0-18.SP21_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@1.1.0-18.SP21_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@1.1.0-18.SP21_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@1.1.0-18.SP21_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-web-console-eap@2.8.30-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-modules@1.5.4-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.3.7-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.3.7-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.3.7-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.3.7-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.3.7-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.3.7-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.3.7-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.3.7-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.3.7-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-client@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-async-http-servlet-3.0@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.2.12-2.SP4_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.4.6-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.0.14-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-infinispan@5.0.14-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.0.14-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.0.14-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.0.14-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.0.14-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.23-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.noarch",
"product_id": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.5.4-2.redhat_2.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.7-3.GA_redhat_4.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"product": {
"name": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"product_id": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.7-4.GA_redhat_3.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"product_id": "eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.0.7-4.GA_redhat_3.1.ep7.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.src",
"product_id": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.1.0-18.SP21_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-web-console-eap@2.8.30-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-modules@1.5.4-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.3.7-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.src",
"product_id": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.0.19-6.SP4_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.src",
"product_id": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.2.12-2.SP4_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.4.6-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.0.14-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.23-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.src",
"product": {
"name": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.src",
"product_id": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.5.4-2.redhat_2.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.src",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.src",
"product_id": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.7-3.GA_redhat_4.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.src",
"product": {
"name": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.src",
"product_id": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.7-4.GA_redhat_3.1.ep7.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.src"
},
"product_reference": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch"
},
"product_reference": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.src"
},
"product_reference": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.src"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-4978",
"discovery_date": "2016-09-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1379207"
}
],
"notes": [
{
"category": "description",
"text": "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Artemis: Deserialization of untrusted input vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-4978"
},
{
"category": "external",
"summary": "RHBZ#1379207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-4978",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978"
}
],
"release_date": "2016-09-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-07-31T14:59:10+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1834"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Artemis: Deserialization of untrusted input vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Liao Xinxi"
],
"organization": "NSFOCUS"
}
],
"cve": "CVE-2017-7525",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1462702"
}
],
"notes": [
{
"category": "description",
"text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231\n\nAlthough JBoss Fuse ships the vulnerable version of jackson-databind, it does not call on enableDefaultTyping() for any polymorphic deserialization operations which is the root cause of this vulnerability. We have raised a Jira tracker to ensure that jackson-databind will be upgraded for Fuse 7.0, however due to feasibility issues jackson-databind cannot be upgraded in JBoss Fuse 6.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7525"
},
{
"category": "external",
"summary": "RHBZ#1462702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525"
}
],
"release_date": "2017-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-07-31T14:59:10+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1834"
},
{
"category": "workaround",
"details": "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el6.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper"
}
]
}
RHSA-2017:1835
Vulnerability from csaf_redhat - Published: 2017-07-31 14:58 - Updated: 2026-05-11 13:49Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.0.7 on RHEL 7
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 7.0.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.6, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References.
Security Fix(es):
* A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)
* It was found that use of a JMS ObjectMessage does not safely handle user-supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the JMS ObjectMessage. (CVE-2016-4978)
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.
6.6 (Medium)
Affected products
Fixed
69 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
8.1 (High)
Affected products
Fixed
69 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
17 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2017:1835 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/documentation/en/red-ha… | external |
| https://access.redhat.com/documentation/en/red-ha… | external |
| https://access.redhat.com/documentation/en/jboss-… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1379207 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1462702 | external |
| https://issues.redhat.com/browse/JBEAP-9465 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2016-4978 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1379207 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-4978 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-4978 | external |
| https://access.redhat.com/security/cve/CVE-2017-7525 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1462702 | external |
| https://www.cve.org/CVERecord?id=CVE-2017-7525 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2017-7525 | external |
Acknowledgments
NSFOCUS
Liao Xinxi
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.0.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.6, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References.\n\nSecurity Fix(es):\n\n* A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)\n\n* It was found that use of a JMS ObjectMessage does not safely handle user-supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the JMS ObjectMessage. (CVE-2016-4978)\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:1835",
"url": "https://access.redhat.com/errata/RHSA-2017:1835"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/",
"url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
},
{
"category": "external",
"summary": "1379207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207"
},
{
"category": "external",
"summary": "1462702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"category": "external",
"summary": "JBEAP-9465",
"url": "https://issues.redhat.com/browse/JBEAP-9465"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1835.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.0.7 on RHEL 7",
"tracking": {
"current_release_date": "2026-05-11T13:49:18+00:00",
"generator": {
"date": "2026-05-11T13:49:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2017:1835",
"initial_release_date": "2017-07-31T14:58:11+00:00",
"revision_history": [
{
"date": "2017-07-31T14:58:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-07-31T14:58:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-11T13:49:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.23-1.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-modules@1.5.4-1.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.3.7-1.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.src",
"product_id": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.src",
"product_id": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.1.0-18.SP21_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.0.14-1.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-web-console-eap@2.8.30-1.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.4.6-1.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.src",
"product_id": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.2.12-2.SP4_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.src",
"product": {
"name": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.src",
"product_id": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.5.4-2.redhat_2.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.src",
"product_id": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.7-3.GA_redhat_4.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.src",
"product_id": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.7-4.GA_redhat_3.1.ep7.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.23-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-modules@1.5.4-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.3.7-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.3.7-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.3.7-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.3.7-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.3.7-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.3.7-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.3.7-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.3.7-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.3.7-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-client@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-async-http-servlet-3.0@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.0.19-6.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@1.1.0-18.SP21_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@1.1.0-18.SP21_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.1.0-18.SP21_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@1.1.0-18.SP21_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@1.1.0-18.SP21_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@1.1.0-18.SP21_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@1.1.0-18.SP21_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@1.1.0-18.SP21_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@1.1.0-18.SP21_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@1.1.0-18.SP21_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@1.1.0-18.SP21_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@1.1.0-18.SP21_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@1.1.0-18.SP21_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.1.0-18.SP21_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@1.1.0-18.SP21_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.0.14-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-infinispan@5.0.14-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.0.14-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.0.14-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.0.14-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.0.14-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-web-console-eap@2.8.30-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.4.6-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.2.12-2.SP4_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.noarch",
"product_id": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.5.4-2.redhat_2.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.7-3.GA_redhat_4.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.7-4.GA_redhat_3.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.0.7-4.GA_redhat_3.1.ep7.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.src"
},
"product_reference": "eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-4978",
"discovery_date": "2016-09-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1379207"
}
],
"notes": [
{
"category": "description",
"text": "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Artemis: Deserialization of untrusted input vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-4978"
},
{
"category": "external",
"summary": "RHBZ#1379207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-4978",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978"
}
],
"release_date": "2016-09-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-07-31T14:58:11+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1835"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Artemis: Deserialization of untrusted input vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Liao Xinxi"
],
"organization": "NSFOCUS"
}
],
"cve": "CVE-2017-7525",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1462702"
}
],
"notes": [
{
"category": "description",
"text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231\n\nAlthough JBoss Fuse ships the vulnerable version of jackson-databind, it does not call on enableDefaultTyping() for any polymorphic deserialization operations which is the root cause of this vulnerability. We have raised a Jira tracker to ensure that jackson-databind will be upgraded for Fuse 7.0, however due to feasibility issues jackson-databind cannot be upgraded in JBoss Fuse 6.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7525"
},
{
"category": "external",
"summary": "RHBZ#1462702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525"
}
],
"release_date": "2017-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-07-31T14:58:11+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1835"
},
{
"category": "workaround",
"details": "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-glassfish-jsf-0:2.2.12-2.SP4_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.14-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.14-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.7-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.7-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jackson-databind-0:2.5.4-2.redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-modules-0:1.5.4-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.23-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.6-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-6.SP4_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.7-4.GA_redhat_3.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.7-3.GA_redhat_4.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.7-4.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-web-console-eap-0:2.8.30-1.Final_redhat_1.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper"
}
]
}
RHSA-2017:1836
Vulnerability from csaf_redhat - Published: 2017-07-31 14:47 - Updated: 2026-05-11 13:49Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.0.7
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 7.0.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)
* It was found that use of a JMS ObjectMessage does not safely handle user-supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the JMS ObjectMessage. (CVE-2016-4978)
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.
6.6 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss EAP 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss EAP 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
16 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2017:1836 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/jbossnetwork/restricted… | external |
| https://access.redhat.com/documentation/en/red-ha… | external |
| https://access.redhat.com/documentation/en/jboss-… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1379207 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1462702 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2016-4978 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1379207 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-4978 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-4978 | external |
| https://access.redhat.com/security/cve/CVE-2017-7525 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1462702 | external |
| https://www.cve.org/CVERecord?id=CVE-2017-7525 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2017-7525 | external |
Acknowledgments
NSFOCUS
Liao Xinxi
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.0.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)\n\n* It was found that use of a JMS ObjectMessage does not safely handle user-supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the JMS ObjectMessage. (CVE-2016-4978)\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:1836",
"url": "https://access.redhat.com/errata/RHSA-2017:1836"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/",
"url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
},
{
"category": "external",
"summary": "1379207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207"
},
{
"category": "external",
"summary": "1462702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1836.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.0.7",
"tracking": {
"current_release_date": "2026-05-11T13:49:28+00:00",
"generator": {
"date": "2026-05-11T13:49:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2017:1836",
"initial_release_date": "2017-07-31T14:47:54+00:00",
"revision_history": [
{
"date": "2017-07-31T14:47:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-07-31T14:47:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-11T13:49:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7",
"product": {
"name": "Red Hat JBoss EAP 7",
"product_id": "Red Hat JBoss EAP 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-4978",
"discovery_date": "2016-09-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1379207"
}
],
"notes": [
{
"category": "description",
"text": "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Artemis: Deserialization of untrusted input vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss EAP 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-4978"
},
{
"category": "external",
"summary": "RHBZ#1379207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-4978",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978"
}
],
"release_date": "2016-09-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-07-31T14:47:54+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss EAP 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1836"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss EAP 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Artemis: Deserialization of untrusted input vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Liao Xinxi"
],
"organization": "NSFOCUS"
}
],
"cve": "CVE-2017-7525",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1462702"
}
],
"notes": [
{
"category": "description",
"text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231\n\nAlthough JBoss Fuse ships the vulnerable version of jackson-databind, it does not call on enableDefaultTyping() for any polymorphic deserialization operations which is the root cause of this vulnerability. We have raised a Jira tracker to ensure that jackson-databind will be upgraded for Fuse 7.0, however due to feasibility issues jackson-databind cannot be upgraded in JBoss Fuse 6.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss EAP 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7525"
},
{
"category": "external",
"summary": "RHBZ#1462702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525"
}
],
"release_date": "2017-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-07-31T14:47:54+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss EAP 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1836"
},
{
"category": "workaround",
"details": "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"Red Hat JBoss EAP 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss EAP 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…